Why is it that the linux module for my ethernet device is loaded in dom0? 
There's obviously no networking, /proc/net/dev and ifconfig only show

The module is also loaded in, and provides the device to sys-net, of course.

Seemed odd to even have networking device Linux modules (existing) in dom0
at all.  It's slightly uncomfortable to see, lol.  Is there a reason for

Also, where audio has reportedly been used for exfiltration of data by
even air-gapped machines, it's always a good idea to disable audio in VM's
that don't need them (net, firewall).  It's also a waste of memory/CPU (on
startup at leas), to load pulseaudio and its dependencies.

The System Tools -> Pulse Volume Control (and the other Pulse menu items)
give you finer control over per-VM audio device access.  Similarly,
turning off input audio device access for most VM's is probably a good
idea too.

Also, what's the PC Speaker driver in the VM's?  Can it arbitrarily play
tones on the sound card in dom0?  Again, slight risk of data exfiltration
on air-gapped machines, if so.  I leave my speaker disconnected, but
again, it's still using a bit of memory/CPU to load an unnecessary driver.
 I don't need beeps from sys-net/sys-firewall.

Are there any thoughts of moving sound cards out of dom0?  Where the VM's
much forward their audio to dom0 and it's sound card, can this instead be
directed to a separate VM which is assigned the PCI sound card?


You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
For more options, visit https://groups.google.com/d/optout.

Reply via email to