(Accidentally posted this to the tail of another thead; I assumed a subject change would create a new thread. Whoops. Reposting.)
Why is it that the linux module for my ethernet device is loaded in dom0? There's obviously no networking, /proc/net/dev and ifconfig only show localhost. The module is also loaded in, and provides the device to sys-net, of course. Seemed odd to even have networking device Linux modules (existing) in dom0 at all. It's slightly uncomfortable to see, lol. Is there a reason for this? Also, where audio has reportedly been used for exfiltration of data by even air-gapped machines, it's always a good idea to disable audio in VM's that don't need them (net, firewall). It's also a waste of memory/CPU (on startup at least), to load pulseaudio and its dependencies. The System Tools -> Pulse Volume Control (and the other Pulse menu items) give you finer control over per-VM audio device access. Similarly, turning off input audio device access for most VM's is probably a good idea too. Is there perhaps a way using the VM's services tab to disable the pulseaudio server on a per-VM basis? Also, what's the PC Speaker driver in the VM's? Can it arbitrarily play tones on the sound card in dom0? Again, slight risk of data exfiltration on air-gapped machines, if so. I leave my speaker disconnected, but again, it's still using a bit of memory/CPU to load an unnecessary driver. I don't need beeps from sys-net/sys-firewall. Are there any thoughts of moving sound cards out of dom0? Where the VM's much forward their audio to dom0 and its sound card, can this instead be directed to a separate VM which is assigned the PCI sound card? Thanks. JJ -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/e63f92bbc5fc49ae6bbb484ba0cbdec0.webmail%40localhost. For more options, visit https://groups.google.com/d/optout.