Upgrade to QubesOS 4.3 broke enabling mic for a VM

I did an in-place update of QubesOS from 4.2 to 4.3 (no issues there) and since then, a little py script in sys-audio (Fedora 42) that I have to enable/disable microphone access to specific qubes has stopped working.

The script is based off of the Qubes Audio virtualization guide:

In Qubes R4.1 and later, `pacat-simple-vchan` is controlled over a UNIX socket at `/var/run/qubes/audio-control.VMNAME` (where `VMNAME` is the VM’s name). Supported commands:

* `audio-input 1\n` - enable audio input
* `audio-input 0\n` - disable audio input

Now, there is no audio-control.VMNAME created, and there is no qubes-audio-daemon service, nor a binary either! The package is installed and I tried reinstalling it too.

Thank you in advance.

Hey,

Would you mind sharing this little py script?
I want to help figure this out.

Any help is appreciated. However, the script doesn’t matter so much, it’s the underlying functionality that was removed by QubesOS and I’m not sure if it was replaced by something else, or was just removed for whatever reason.

It’s basically a little GUI that runs the two commands below, as described in the pacat-simple-vchan:

Supported commands:
    audio-input 1\n - enable audio input
    audio-input 0\n - disable audio input

All I’m asking is for the devs to comment on what ppl who used that should do now on QubesOS 4.3.

I am not sure I understood, but do the commands `qvm-device mic attach VMNAME dom0:mic` and `qvm-device mic detach VM dom0:mic` solve your case? (usually launched from dom0)

Yes, I can attach the mic to any qube. However, I used to have all my audio devices attached to sys-audio (select the default speakers/mic) and use the commands above (in a python script) to enable/disable mic access to a specific qube from sys-audio (could also do multiple qubes at the same time).
This way I didn’t have to attach a microphone directly to a qube. I just provided access to it from sys-audio. It was more practical and more secure.

Now that this functionality is gone, I have to do what you suggested and attach my mic exclusively to the qube I want to use it in, and then of course not forget to detach it afterwards.

Has this functionality changed, or was it removed with 4.3? The documentation still references it.

This is the commit that afaik removed this capacity

which changes

    if (strncmp(command_buffer, "audio-input 0\n", command_len) == 0) {
        new_rec_allowed = 0;
    } else if (strncmp(command_buffer, "audio-input 1\n", command_len) == 0) {
        new_rec_allowed = 1;
    }

to

    new_rec_allowed = is_rec_allowed_from_qdb(u);

which instead reads from QubesDB

    if (qdb_entry != NULL) {
        if (strcmp(qdb_entry, "0") == 0) {
            new_rec_allowed = 0;
        } else if (strcmp(qdb_entry, "1") == 0) {
            new_rec_allowed = 1;
        } else {
            pacat_log("invalid value from Qubes DB");
            new_rec_allowed = -1;
        }
    }

See also Qubes OS 4.3 release notes — Qubes OS Documentation

Audio daemon does not connect to recording stream unless recording is explicitly enabled (#9999).


According to the commit message:

/audio-input-config/<qube> set authorization of mic by <qube>

/audio-input/<qubes> gives daemon status if mic is enabled

/audio-input-request/<qubes> notifies that an application requests mic

I do not know whether editing those on the fly does indeed work (`qubesdb-write /audio-input-config/VMNAME 1`). Could you test and report back? :smile:

Nb: clearly the docs are outdated - could you add a needs-docs tag to your post?

2 Likes

This looks like exactly what I need! Thank you for putting all this together.

I’ll have to review, put a script together and test, and I’ll report back. It’ll probably have to wait until next week, because I don’t have the time right now.

PS. How do I add the needs-docs tag to the post?

Hm, I just tried on one of my older posts and it seems that after some amount of time we can’t edit the tags anymore.
I’m still new to this forum so I’m not sure if that’s the right way, but maybe you could flag your own post under the “Something else” category and attach a message for moderation to add the tag?

[or if you have a github account, you can directly open an issue to report the lack of updated documentation around audio-input-config]

Couldn’t wait until next week, had to try it, and it works like a charm!

It works on the fly too, and for multiple qubes at the same time.

Thank you @appih5587

1 Like
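
An added example, not the original poster's script and not Qubes project code: a small Python helper that sets `/audio-input-config/<qube>` through `qubesdb-write` for one or several qubes, the approach reported as working in this thread. The function names, the qube-name pattern, and the idea that `/audio-input/<qube>` holds `0`/`1` like the config key are assumptions of this example.

```python
import re
import subprocess
import sys

# Assumption: qube names start with a letter, then letters/digits/_/-, max 31 chars.
QUBE_NAME = re.compile(r"[A-Za-z][A-Za-z0-9_-]{0,30}")
CONFIG_PREFIX = "/audio-input-config/"  # per the commit message: mic authorization
STATUS_PREFIX = "/audio-input/"         # per the commit message: daemon status


def qdb_path(prefix, qube):
    # Reject anything that could change the QubesDB path (slashes, dots, spaces).
    if not QUBE_NAME.fullmatch(qube):
        raise ValueError(f"invalid qube name: {qube!r}")
    return prefix + qube


def parse_flag(raw):
    # Tri-state like the daemon code quoted above: "1", "0", anything else invalid.
    value = raw.strip() if raw is not None else None
    return {"1": True, "0": False}.get(value)


def set_mic(qubes, allow, run=subprocess.run):
    # Build every command first so one bad name aborts before any write happens.
    cmds = [["qubesdb-write", qdb_path(CONFIG_PREFIX, q), "1" if allow else "0"]
            for q in qubes]
    for cmd in cmds:
        run(cmd, check=True)
    return cmds


def mic_status(qube, run=subprocess.run):
    # Assumption: the status key holds "0"/"1" like the config key.
    proc = run(["qubesdb-read", qdb_path(STATUS_PREFIX, qube)],
               capture_output=True, text=True)
    return parse_flag(proc.stdout if proc.returncode == 0 else None)


if __name__ == "__main__":
    if len(sys.argv) < 3 or sys.argv[1] not in ("on", "off"):
        sys.exit("usage: mic.py on|off QUBE [QUBE ...]")
    set_mic(sys.argv[2:], sys.argv[1] == "on")
    for name in sys.argv[2:]:
        print(name, mic_status(name))
```

A missing or unparseable status value comes back as `None` rather than being treated as "off", so a caller can tell "disabled" apart from "unknown".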