Ghaf Kill Switch
Overview
Section titled “Overview”ghaf-killswitch is a command-line utility in Ghaf that enables runtime toggling of certain hardware devices.
It supports listing known devices, disabling (blocking) them, and re-enabling (unblocking) them.
This capability is useful for privacy control, resource isolation or dynamic hardware management within the Ghaf host/VM architecture.
It currently supports three device types:
| Keyword | Description |
|---|---|
mic | Internal Audio & microphone PCI devices (used by the audio-vm) |
net | WLAN / network PCI device (used by the net-vm) |
cam | Internal camera device (used by the business-vm) |
bluetooth | Bluetooth device (used by the audio-vm) |
Note: Some hardware platforms may already include a physical camera kill switch (e.g. via Fn-key) which overrides software control.
Usage & Commands
Section titled “Usage & Commands”Run ghaf-killswitch to control devices. General usage:
[ghaf@ghaf-host:~]$ sudo ghaf-killswitch <command> [device]Where <command> is:
list— show all supported devices for kill switch functionalityblock <device>— disable / remove the specified deviceunblock <device>— enable / add the specified deviceblock --all- disable / remove all supported devicesunblock --all- enable / add all supported devicesstatus- Show block/unblock status of deviceshelp— show usage instructions
Examples
Section titled “Examples”List devices
Section titled “List devices”[ghaf@gui-vm:~]$ ghaf-killswitch listDisable internal microphone
Section titled “Disable internal microphone”[ghaf@gui-vm:~]$ ghaf-killswitch block micRun the below command to confirm:
[ghaf@gui-vm:~]$ nix-shell -p pulseaudio --run "pactl list sources short"Disable Wi-Fi
Section titled “Disable Wi-Fi”[ghaf@gui-vm:~]$ ghaf-killswitch block netCheck inside net-vm or GUI to confirm:
[ghaf@net-vm:~]$ nmcli device statusDisable internal camera
Section titled “Disable internal camera”[ghaf@gui-vm:~]$ ghaf-killswitch block camCheck inside business-vm to confirm:
[ghaf@business-vm:~]$ lsusbDisable Bluetooth
Section titled “Disable Bluetooth”[ghaf@gui-vm:~]$ ghaf-killswitch block bluetoothCheck inside audio-vm to confirm:
[ghaf@business-vm:~]$ lsusbCheck status of devices
Section titled “Check status of devices”[ghaf@gui-vm:~]$ ghaf-killswitch statusmic: unblockednet: unblockedcam: blockedbluetooth: blockedDisable all devices
Section titled “Disable all devices”[ghaf@gui-vm:~]$ ghaf-killswitch block --allRe-enable all devices
Section titled “Re-enable all devices”[ghaf@gui-vm:~]$ ghaf-killswitch unblock --allLimitations & Known Issues
Section titled “Limitations & Known Issues”- GUI anomalies — audio UI elements may misbehave when mic is disabled.
- Disabling the microphone will stop only internal audio playback and audio recording functionality.
- Support for blocking external USB devices like camera, microphone is currently unavailable.