api/admin: prevent removing dom0

marmarek · marmarek · commit a91bd543cc9a · 2024-08-08T03:23:27.000+02:00
Fixes QubesOS/qubes-issues#7188
diff --git a/qubes/api/admin.py b/qubes/api/admin.py
@@ -1164,6 +1164,10 @@ async def vm_remove(self):
 
         self.fire_event_for_permission()
 
+        if self.dest.name == 'dom0':
+            raise qubes.exc.QubesVMInUseError(
+                self.dest, msg="'dom0' cannot be removed")
+
         async with self.dest.startup_lock:
             if not self.dest.is_halted():
                 raise qubes.exc.QubesVMNotHaltedError(self.dest)
diff --git a/qubes/tests/api_admin.py b/qubes/tests/api_admin.py
@@ -2171,6 +2171,16 @@ def test_502_vm_remove_attached(self, mock_rmtree, mock_remove):
         self.assertFalse(mock_remove.called)
         self.assertFalse(self.app.save.called)
 
+    @unittest.mock.patch('qubes.storage.Storage.remove')
+    @unittest.mock.patch('shutil.rmtree')
+    def test_503_vm_remove_dom0(self, mock_rmtree, mock_remove):
+        mock_remove.side_effect = self.dummy_coro
+        with self.assertRaises(qubes.exc.QubesVMInUseError):
+            self.call_mgmt_func(b'admin.vm.Remove', b'dom0')
+        self.assertFalse(mock_rmtree.called)
+        self.assertFalse(mock_remove.called)
+        self.assertFalse(self.app.save.called)
+
     # Import tests
     # (internal methods, normally called from qubes-rpc script)
 
