(Accidentally posted this to the tail of another thead; I assumed a
subject change would create a new thread.  Whoops.  Reposting.)

Why is it that the linux module for my ethernet device is loaded in dom0?
There's obviously no networking, /proc/net/dev and ifconfig only show

The module is also loaded in, and provides the device to sys-net, of course.

Seemed odd to even have networking device Linux modules (existing) in dom0
at all.  It's slightly uncomfortable to see, lol.  Is there a reason for

Also, where audio has reportedly been used for exfiltration of data by
even air-gapped machines, it's always a good idea to disable audio in VM's
that don't need them (net, firewall).  It's also a waste of memory/CPU (on
startup at least), to load pulseaudio and its dependencies.

The System Tools -> Pulse Volume Control (and the other Pulse menu items)
give you finer control over per-VM audio device access.  Similarly,
turning off input audio device access for most VM's is probably a good
idea too.

Is there perhaps a way using the VM's services tab to disable the
pulseaudio server on a per-VM basis?

Also, what's the PC Speaker driver in the VM's?  Can it arbitrarily play
tones on the sound card in dom0?  Again, slight risk of data exfiltration
on air-gapped machines, if so.  I leave my speaker disconnected, but
again, it's still using a bit of memory/CPU to load an unnecessary driver.
 I don't need beeps from sys-net/sys-firewall.

Are there any thoughts of moving sound cards out of dom0?  Where the VM's
much forward their audio to dom0 and its sound card, can this instead be
directed to a separate VM which is assigned the PCI sound card?



You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
For more options, visit https://groups.google.com/d/optout.

Reply via email to