Usbguard and KVM/qemu/libvirt USB passthrough

[staviq]

I observed a really weird behavior

Connecting an unauthorized USB Ethernet adapter, and passing it to a qemu/kvm virtual machine, makes the device "available" inside the VM, it gets recognized by the guest os, except it's stuck in "no uplink" state, as if the lan cable is disconnected.

Authorizing the device on the host ( while it's still passed to the VM ) makes both the host and the guest see the lan adapter at the same time.

I think the question is, is it even possible to "jail" USB device inside a VM, without having to authorize it on the host, creating an unsecure window between authorizing and passing the device to the VM ?