-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 2016-08-04 07:28, Marek Marczykowski-Górecki wrote: > On Thu, Aug 04, 2016 at 02:02:59PM +0000, 46l47g+27idcs742td9g via > qubes-users wrote: >> Hi, > >> I finally managed to put this to work, the missing part was to install >> the qubes-usb-proxy also on the sys-usb as well (mea culpa) :) I'm now >> able to attach the webcam to any AppVM, unfortunately the only caveat is >> that when I unassigned the device from the AppVM back to the sys-usb I'm >> not able to get the camera working again on the sys-usb - the device >> doesn't seem to be present. > > Indeed this is how it is working now. Mostly because device is still > connected to usbip-host driver and isn't switched back to the original > one. > >> Is this the expected behavior? > > That's a good question. I think the most common use case would be to > either: - use device directly in sys-usb all the time - for example if you > use a different mechanism to make it available to other VMs - like > qvm-block, or simply mount it there and copy to/from files using qubes file > copy - don't use it in sys-usb at all and only attach to some VM when > needed - like for webcam - you don't have your video call credentials in > sys-usb, but in some other dedicated VM > > Generally it is based on assumption that sys-usb serves only as an > interface to the devices, but all the data is stored in some AppVM. > > If this is correct, switching device driver back to the original one is > just waste of time. > > Joanna, Andrew, what do you think? >
I agree. We should assume that sys-usb is compromised (due to the existence of things like BadUSB). We certainly don't want the user's webcam spying on him or her from sys-usb, so the safe default would be not to switch the device driver back to sys-usb (at least not without explicit user consent). - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJXo+xzAAoJENtN07w5UDAwMLQP/iOIsSfBG6WbwEyxNNxMkPb6 RebJeHc86PL+UnVz8VIPEmn0Lwu8we19TCjCUYfR/gvXx1Ey012oOAWJPpwCuRcz jr+64C7ol9pDsw50k1rZprzV5gHxQYgjsPPrPg004CjuTR2Fm2wq/6oY7hTTXNPi eWeXKK+cah92pF+mqqKaxKog+DGI2uDjCDhrR1Utbjfijt8KQUeUMEeybDljB6Qj HaIC+jsDlZi4NPwOduJdpqzjGauXl/ms/0UwmrWRk22MlQXbDZOqN3mPpxWNHv0t 5bRZKVmvF+Ag6p8ZfdXBCxffZaclPA7Y+pPIVbAePiCGXF0xqI9L9kdoufwxb2Zq wH1ow0ocwIk4AyCMiwTco2tx5xfCCrq5or/kF24wRtBlVInJf3G2PlKCUk0NP1wp H2yaoxx1kqGWGm08SX1vL/QJ+yL+vCkjuf9fmlngIJCrqCwtUdyhj5kBfz1XkQXZ 9htHkqblCX9WJcR6O6SVpSvKTcE84bkPGqyjygA3kgFH/X3Er1ACQ2VpzmdXdnwk 2/gnueLRA6g0JYICuJ+FiRBOLNtIf9ziqrsJGe7NuvSMim0ObBeG68fq2MYJ6+Tn zbfINKHMAR2CK7n1NBv5hYSrxlq7p4M7ibh1Bq/s8m6owc3K7GMyE6dAUNMI8UN/ 2GOaV0djCayOtihVnhcI =yeA+ -----END PGP SIGNATURE----- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/32fe844e-e075-c6d6-a96e-40140318df2c%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
