This setup does not look very compartmentalized to me. You USB device is passed to sys-net, so technically it could access the Internet and break the isolation of sys-usb. If you must use USB-ethernet with a single USB controller, then it’s probaby the best approach, but otherwise I would avoid that. See also: QSB-078: Linux kernel PV driver issues and LVM misconfiguration | Qubes OS.
1 Like