Ghaf Kill Switch
Overview
Section titled “Overview”ghaf-killswitch is a command-line utility in Ghaf that enables runtime toggling of certain hardware devices.
It supports listing known devices, disabling (blocking) them, and re-enabling (unblocking) them.
This capability is useful for privacy control, resource isolation or dynamic hardware management within the Ghaf host/VM architecture.
It currently supports three device types:
| Keyword | Description |
|---|---|
mic | Internal Audio & microphone PCI devices (used by the audio-vm) |
net | WLAN / network PCI device (used by the net-vm) |
cam | Internal camera device (used by the business-vm) |
Note: Some hardware platforms may already include a physical camera kill switch (e.g. via Fn-key) which overrides software control.
Usage & Commands
Section titled “Usage & Commands”Run ghaf-killswitch with sudo to control devices. General usage:
[ghaf@ghaf-host:~]$ sudo ghaf-killswitch <command> [device]Where <command> is:
list— show all supported devices for kill switch functionalityblock <device>— disable / remove the specified deviceunblock <device>— enable / add the specified devicehelp— show usage instructions
Examples
Section titled “Examples”List devices
Section titled “List devices”[ghaf@ghaf-host:~]$ sudo ghaf-killswitch listDisable internal microphone
Section titled “Disable internal microphone”[ghaf@ghaf-host:~]$ sudo ghaf-killswitch block micCheck inside the gui-vm to confirm:
[ghaf@gui-vm:~]$ nix-shell -p pulseaudio --run "pactl list sources short"Disable Wi-Fi
Section titled “Disable Wi-Fi”[ghaf@ghaf-host:~]$ sudo ghaf-killswitch block netCheck inside net-vm or GUI to confirm:
[ghaf@net-vm:~]$ nmcli device statusDisable internal camera
Section titled “Disable internal camera”[ghaf@ghaf-host:~]$ sudo ghaf-killswitch block camCheck inside business-vm to confirm:
[ghaf@business-vm:~]$ lsusbRe-enable all devices
Section titled “Re-enable all devices”[ghaf@ghaf-host:~]$ sudo ghaf-killswitch unblock mic[ghaf@ghaf-host:~]$ sudo ghaf-killswitch unblock net[ghaf@ghaf-host:~]$ sudo ghaf-killswitch unblock camLimitations & Known Issues
Section titled “Limitations & Known Issues”- No persistence across reboots — manual re-application is required after boot.
- GUI anomalies — audio UI elements may misbehave when mic is disabled.
- Disabling the microphone will stop only internal audio playback and audio recording functionality.
- Support for blocking external USB devices like camera, microphone is currently unavailable.
Security & Permissions
Section titled “Security & Permissions”ghaf-killswitchrequires root (or elevated) privileges to execute hardware changes.- Access should be limited to trusted users / automation.