(Accidentally posted this to the tail of another thread; I assumed a
subject change would create a new thread. Whoops. Reposting.)
Why is it that the linux module for my ethernet device is loaded in dom0?
There's obviously no networking, /proc/net/dev and ifconfig only show
The module is also loaded in, and provides the device to sys-net, of course.
Seemed odd to even have networking device Linux modules (existing) in dom0
at all. It's slightly uncomfortable to see, lol. Is there a reason for
Also, where audio has reportedly been used for exfiltration of data by
even air-gapped machines, it's always a good idea to disable audio in VMs
that don't need them (net, firewall). It's also a waste of memory/CPU (on
startup at least), to load pulseaudio and its dependencies.
The System Tools -> Pulse Volume Control (and the other Pulse menu items)
give you finer control over per-VM audio device access. Similarly,
turning off input audio device access for most VMs is probably a good
Is there perhaps a way using the VM's services tab to disable the
pulseaudio server on a per-VM basis?
Also, what's the PC Speaker driver in the VMs? Can it arbitrarily play
tones on the sound card in dom0? Again, slight risk of data exfiltration
on air-gapped machines, if so. I leave my speaker disconnected, but
again, it's still using a bit of memory/CPU to load an unnecessary driver.
I don't need beeps from sys-net/sys-firewall.
Are there any thoughts of moving sound cards out of dom0? Where the VMs
must forward their audio to dom0 and its sound card, can this instead be
directed to a separate VM which is assigned the PCI sound card?