Cacomania: Turn your Linux system into a sandbox with KVM

Guido Krömer - 10. August 2012

A sandbox system is handy in many cases, and a sandbox that is a snapshot of your "main" system is handier still. For example, you can test how a system update will behave on your main system, which is especially useful on Arch or Gentoo Linux, or try out new software without messing up or destroying your system.

This is a screenshot of my Thinkpad T61 running Xubuntu 12.04 with a running sandbox VM.

The only thing you need is a CPU with virtualisation capabilities, which the Kernel-based Virtual Machine (KVM) requires. Intel calls this feature VT-x and AMD calls it AMD-V. Almost every newer CPU, except the Intel Atom series, has this feature, even my Thinkpad x121e with a cheap AMD E-450 Brazos CPU.

Run the following command to check your CPU for virtualisation features; it prints vmx (Intel) or svm (AMD) if the feature is present and nothing otherwise.

# grep -E "(vmx|svm)" -o /proc/cpuinfo

The first step is loading the required kernel modules, which depend on the CPU installed in your system:

System: AMD CPU with Arch Linux

# modprobe kvm && modprobe kvm_amd

System: Intel CPU with Xubuntu 12.04

# modprobe kvm && modprobe kvm-intel

If this step fails, virtualisation is probably disabled in your BIOS settings.

The last step before starting your new sandbox is installing QEMU-KVM, which KVM needs. As a hint, on Arch Linux and Ubuntu the package is called "qemu-kvm".

I recommend using the vmware driver if you want any kind of GUI, because this virtual VGA card supports more resolutions than QEMU's default Cirrus Logic card. On my Arch Linux system I had to install this additional video driver. It should be installed on the host system to ensure that the driver is available when the sandbox boots.

# pacman -S xf86-video-vmware

The really last step is starting the virtual machine. Do not forget the -snapshot parameter: without it, two processes (the host system and the virtual machine) would write to the same block device, which could destroy your entire system! With -snapshot, QEMU writes all changes to a temporary file instead of the real disk, so this parameter is all the magic behind creating a just-in-time sandbox with KVM.

# qemu-kvm -snapshot /dev/sda -vga vmware -m 4096 -cpu host -k de -net nic,vlan=1,model=virtio -net user,vlan=1

The important part is "qemu-kvm -snapshot /dev/sda"; you may need to replace sda with your physical hard disk. The other parameters tell KVM/QEMU how much memory to reserve in MB (-m) or define a virtual network card...
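The steps above gathered into a guarded launcher, as an added example that is not part of the original post: it picks the KVM module from the CPU flags and refuses to start QEMU against the disk unless -snapshot is among the arguments. The function names and the QEMU_BIN override are assumptions of this example.

```sh
#!/bin/sh
# Added example (not from the original post): preflight checks before
# booting the host's own disk as a sandbox. Function names are hypothetical.

# Print the KVM module matching the CPU flags in a cpuinfo file
# (default /proc/cpuinfo); return 1 if neither vmx nor svm is present.
kvm_module_for() {
    cpuinfo=${1:-/proc/cpuinfo}
    if grep -qw vmx "$cpuinfo"; then
        echo kvm_intel
    elif grep -qw svm "$cpuinfo"; then
        echo kvm_amd
    else
        return 1
    fi
}

# Succeed only if -snapshot is among the given QEMU arguments.
has_snapshot() {
    for arg in "$@"; do
        [ "$arg" = "-snapshot" ] && return 0
    done
    return 1
}

# launch_sandbox DISK QEMU_ARGS...
# Returns 3 without -snapshot, 2 if DISK is not a block device,
# 4 if /dev/kvm is missing (modules not loaded or VT disabled in BIOS).
launch_sandbox() {
    [ $# -ge 1 ] || { echo "usage: launch_sandbox DISK ARGS..." >&2; return 1; }
    disk=$1; shift
    has_snapshot "$@" || { echo "refusing to start without -snapshot" >&2; return 3; }
    [ -b "$disk" ] || { echo "not a block device: $disk" >&2; return 2; }
    [ -c /dev/kvm ] || { echo "/dev/kvm missing, load the kvm modules first" >&2; return 4; }
    # QEMU_BIN is an assumed override; the post's binary name is qemu-kvm.
    "${QEMU_BIN:-qemu-kvm}" "$@" "$disk"
}

# Typical use, as root:
#   modprobe kvm && modprobe "$(kvm_module_for)"
#   launch_sandbox /dev/sda -snapshot -vga vmware -m 4096 -cpu host
```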

And don't forget: use this at your own risk!