I’m trying out the latest and greatest on Fedora Silverblue. All around I am pleased with the immutable nature of the operating system except for the noticeable exception of virtual machines. I am most experienced with VirtualBox. Although it can be installed, the proprietary extension pack needed for enabling USB 3/XHCI requires writing to /usr and a few other paths. That is obviously not an option with Silverblue.
I then turned to libvirt, virt-manager and possibly GNOME Boxes.
I was able to install all of my VMs in non-root libvirt (qemu:///session). Since I also want to be able to have bridged networking (for Kali to use nmap and other ARP functions on the local network), I tried creating a bridge device. virt-manager doesn’t allow creating a bridge device without root (I’ve filed a bug report and it was discussed that while we could allow escalation just for creation, that wasn’t a worthwhile use case for the time being). So, I tried creating a bridge device manually and libvirt failed with a “permission denied by acl” error when trying to boot the VM.
I can create a bridge in an escalated QEMU session (qemu:///system) but this is not ideal. Not only are my images stored in /var/lib/libvirt (taking up space on my small root partition) but I would rather steer away from escalation as much as possible.
Creating bridge networks without root is possible on VirtualBox. Anyone have any suggestions? I just need a good VM solution on Silverblue.
SELinux contexts don’t allow root qemu to access images anywhere else. I haven’t invested the time to figure out how to add an exception. Plus, storing system VM images in my home drive that end up being owned by qemu and set with a different context isn’t really compatible with the common filesystem paradigm.
I have put my VMs in my $HOME and not had any issues with respect to SELinux ever hampering me, and I use Silverblue daily. Though in truth I don’t use my VMs daily since they are largely for MS Win-based proprietary solutions that I need for certain customers. When I do need them I haven’t run across any issues with either Virt-Manager or Boxes (now) running them. I had more difficulty with Boxes and the USB port which I needed for communication to the specific hardware that uses closed proprietary drivers, while Virt-Manager gave the flexibility needed to overcome those issues. Having said that, I haven’t needed to spin them up for over two months currently, so…