Why is it that the Linux module for my ethernet device is loaded in dom0?
There's obviously no networking, /proc/net/dev and ifconfig only show
localhost.

The module is also loaded in, and provides the device to sys-net, of course.

Seemed odd to even have networking device Linux modules (existing) in dom0
at all.  It's slightly uncomfortable to see, lol.  Is there a reason for
this?

Also, where audio has reportedly been used for exfiltration of data by
even air-gapped machines, it's always a good idea to disable audio in VMs
that don't need them (net, firewall).  It's also a waste of memory/CPU (on
startup at least), to load pulseaudio and its dependencies.

The System Tools -> Pulse Volume Control (and the other Pulse menu items)
give you finer control over per-VM audio device access.  Similarly,
turning off input audio device access for most VMs is probably a good
idea too.

Also, what's the PC Speaker driver in the VMs?  Can it arbitrarily play
tones on the sound card in dom0?  Again, slight risk of data exfiltration
on air-gapped machines, if so.  I leave my speaker disconnected, but
again, it's still using a bit of memory/CPU to load an unnecessary driver.
I don't need beeps from sys-net/sys-firewall.

Are there any thoughts of moving sound cards out of dom0?  Where the VMs
must forward their audio to dom0 and its sound card, can this instead be
directed to a separate VM which is assigned the PCI sound card?

JJ
