On Tue, Mar 01, 2016 at 07:51:48PM +0000, bancfc(a)openmailbox.org wrote: >For better system anonymity (to decouple VM OS timestamps leaked in >traffic from host ones) a feature can be added to the clock offset >variable to select randomly from a specified range of seconds from >instead of a fixed number of seconds. That way a guest's clock can vary >unpredictably from the host's and confuse correlation by network >adversaries. > >Full Disclosure: I am from the Tor centric Whonix Project - whonix.org >and this would be a very useful feature for us. > Interesting idea. Should this be automated, I would expect this to be done above libvirt, using libvirt's APIs. Particularly virDomainSetTime [1] could be of use. There's a virsh command for that as well, called domtime that can be called from a script.

On 2016-03-02 10:22, Daniel P. Berrange wrote: > > Agreed, this feature is really a specific usage policy. Libvirt aims to > focus on providing mechanism, letting specific policies be implemented > by the management applications using libvirt. We already allow the time > offset to be set to an arbitrary number of seconds, so apps starting a > guest can change that value as desired each time. So I don't think > there is anything should do in libvirt for this. > > > Regards, > Daniel :( I can't really use the guest-agent because its advised against running it in an untrusted environment. Has this situation changed? Also the changes we can do on the host side is really limited to just a VMs configuration XML to keep things simple and self contained.