Skip to content

Commit

Permalink
api/admin: prevent removing dom0
Browse files Browse the repository at this point in the history 
Fixes QubesOS/qubes-issues#7188
  • Loading branch information
@marmarek
marmarek committed Aug 8, 2024
1 parent 065c6e4 commit a91bd54
Show file tree
Hide file tree
Showing 2 changed files with 14 additions and 0 deletions.
4 changes: 4 additions & 0 deletions qubes/api/admin.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1164,6 +1164,10 @@ async def vm_remove(self):

self.fire_event_for_permission()

if self.dest.name == 'dom0':
raise qubes.exc.QubesVMInUseError(
self.dest, msg="'dom0' cannot be removed")

async with self.dest.startup_lock:
if not self.dest.is_halted():
raise qubes.exc.QubesVMNotHaltedError(self.dest)
Expand Down
10 changes: 10 additions & 0 deletions qubes/tests/api_admin.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2171,6 +2171,16 @@ def test_502_vm_remove_attached(self, mock_rmtree, mock_remove):
self.assertFalse(mock_remove.called)
self.assertFalse(self.app.save.called)

@unittest.mock.patch('qubes.storage.Storage.remove')
@unittest.mock.patch('shutil.rmtree')
def test_503_vm_remove_dom0(self, mock_rmtree, mock_remove):
mock_remove.side_effect = self.dummy_coro
with self.assertRaises(qubes.exc.QubesVMInUseError):
self.call_mgmt_func(b'admin.vm.Remove', b'dom0')
self.assertFalse(mock_rmtree.called)
self.assertFalse(mock_remove.called)
self.assertFalse(self.app.save.called)

# Import tests
# (internal methods, normally called from qubes-rpc script)

Expand Down

0 comments on commit a91bd54

Please sign in to comment.