Add the feature to prohibit starting a qube

alimirjamali · alimirjamali · commit 9f34b175089d · 2025-02-21T20:10:18.000+03:30
Qube Manager part of preventing qubes with `prohibit-start` from being started. Showing special status icon and disabling start and related buttons. Supplements: QubesOS/qubes-issues#9622
diff --git a/icons/ban.svg b/icons/ban.svg
@@ -0,0 +1 @@
+<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-ban"><circle cx="12" cy="12" r="10"/><path d="m4.9 4.9 14.2 14.2"/></svg>
diff --git a/qubesmanager/qube_manager.py b/qubesmanager/qube_manager.py
@@ -103,13 +103,16 @@ def __init__(self):
                 "Halted" : QIcon(":/blank")
                 }
         self.outdatedIcons = {
+                "blocked" : QIcon(":/ban"),
                 "update" : QIcon(":/updateable"),
                 "outdated" : QIcon(":/outdated"),
                 "to-be-outdated" : QIcon(":/outdated"),
                 "eol": QIcon(':/warning'),
                 "skipped": QIcon(':/skipped')
                 }
         self.outdatedTooltips = {
+                "blocked" : self.tr(
+                    "The qube is prohibited from being started"),
                 "update" : self.tr("Updates available"),
                 "outdated" : self.tr(
                     "The qube must be restarted for recent changes in "
@@ -239,6 +242,12 @@ def update_power_state(self):
 
         self.state['outdated'] = ""
         try:
+            if self.vm.klass != "AdminVM" and manager_utils.get_feature(
+                    self.vm, 'prohibit-start', False):
+                # Special case where being outdated, eol & skipped is irrelevant
+                self.state['outdated'] = 'blocked'
+                return
+
             if manager_utils.is_running(self.vm, False):
                 if hasattr(self.vm, 'template') and \
                         manager_utils.is_running(self.vm.template, False):
@@ -253,6 +262,9 @@ def update_power_state(self):
 
             if self.vm.klass in {'TemplateVM', 'StandaloneVM'}:
                 if manager_utils.get_feature(
+                        self.vm, 'prohibit-start', False):
+                    self.state['outdated'] = 'ban'
+                elif manager_utils.get_feature(
                         self.vm, 'skip-update', False):
                     self.state['outdated'] = 'skipped'
                 elif manager_utils.get_feature(
@@ -264,6 +276,8 @@ def update_power_state(self):
                     eol = datetime.strptime(eol_string, '%Y-%m-%d')
                     if datetime.now() > eol:
                         self.state['outdated'] = 'eol'
+                else:
+                    self.state['outdated'] = None
         except exc.QubesDaemonAccessError:
             pass
 
@@ -879,6 +893,10 @@ def __init__(self, qt_app, qubes_app, dispatcher, _parent=None):
                                self.on_domain_updates_available)
         dispatcher.add_handler('domain-feature-delete:skip-update',
                                self.on_domain_updates_available)
+        dispatcher.add_handler('domain-feature-set:prohibit-start',
+                               self.on_domain_updates_available)
+        dispatcher.add_handler('domain-feature-delete:prohibit-start',
+                               self.on_domain_updates_available)
 
         self.installEventFilter(self)
 
@@ -1125,11 +1143,16 @@ def check_updates(self, info=None):
         try:
             if info.vm.klass in {'TemplateVM', 'StandaloneVM'}:
                 if manager_utils.get_feature(
+                        info.vm, 'prohibit-start', False):
+                    info.state['outdated'] = 'blocked'
+                elif manager_utils.get_feature(
                         info.vm, 'skip-update', False):
                     info.state['outdated'] = 'skipped'
                 elif manager_utils.get_feature(
                         info.vm, 'updates-available', False):
                     info.state['outdated'] = 'update'
+                else:
+                    info.state['outdated'] = None
         except exc.QubesDaemonAccessError:
             return
 
@@ -1352,6 +1375,17 @@ def table_selection_changed(self):
             if not vm.updateable and vm.klass != 'AdminVM':
                 self.action_updatevm.setEnabled(False)
 
+            if vm.vm.features.get('prohibit-start', False):
+                self.action_open_console.setEnabled(False)
+                self.action_resumevm.setEnabled(False)
+                self.action_startvm_tools_install.setEnabled(False)
+                self.action_pausevm.setEnabled(False)
+                self.action_restartvm.setEnabled(False)
+                self.action_killvm.setEnabled(False)
+                self.action_shutdownvm.setEnabled(False)
+                self.action_updatevm.setEnabled(False)
+                self.action_run_command_in_vm.setEnabled(False)
+
         self.update_template_menu()
         self.update_network_menu()
 
diff --git a/qubesmanager/tests/conftest.py b/qubesmanager/tests/conftest.py
@@ -27,6 +27,7 @@ def test_qubes_app():
     test_qapp = MockQubesComplete()
     test_qapp._qubes['sys-usb'].features[
         'supported-feature.keyboard-layout'] = '1'
+    test_qapp._qubes['sys-usb'].features['prohibit-start'] = None
     test_qapp.update_vm_calls()
 
     return test_qapp
diff --git a/qubesmanager/tests/test_qube_manager.py b/qubesmanager/tests/test_qube_manager.py
@@ -1604,3 +1604,55 @@ def test_704_check_later(mock_timer, mock_question):
 
     assert mock_question.call_count == 0
     assert mock_timer.call_count == 1
+
+
+@pytest.mark.asyncio(loop_scope="module")
+async def test_705_prohibit_start_vms(qubes_manager):
+    # Change `prohibit-start` feature for two qubes
+    prohibition = (
+        'test-old',
+        'admin.vm.feature.Set',
+        'prohibit-start',
+        b'Compromised by Gremlins!',
+    )
+    assert prohibition not in qubes_manager.qubes_app.actual_calls
+    qubes_manager.qubes_app.expected_calls[prohibition] = b'0\x00'
+
+    prohibition = (
+        'test-standalone',
+        'admin.vm.feature.Set',
+        'prohibit-start',
+        b'Do not update',
+    )
+    assert prohibition not in qubes_manager.qubes_app.actual_calls
+    qubes_manager.qubes_app.expected_calls[prohibition] = b'0\x00'
+
+    qubes_manager.qubes_app._qubes['test-old'].features[ \
+            'prohibit-start'] = 'Compromised by Gremlins!'
+    qubes_manager.qubes_app._qubes['test-standalone'].features[ \
+            'prohibit-start'] = 'Do not update'
+
+    qubes_manager.qubes_app.update_vm_calls()
+    qubes_manager.dispatcher.add_expected_event(
+        MockEvent('test-old',
+                  'domain-feature-set',
+                  [('name', 'prohibit-start'),
+                   ('newvalue', 'Compromised by Gremlins!')]))
+    qubes_manager.dispatcher.add_expected_event(
+        MockEvent('test-standalone',
+                  'domain-feature-set',
+                  [('name', 'prohibit-start'),
+                   ('newvalue', 'Do not update')]))
+
+    with contextlib.suppress(asyncio.TimeoutError):
+        await asyncio.wait_for(qubes_manager.dispatcher.listen_for_events(), 1)
+
+    qubes_manager.qubes_app.domains['test-old'].features[ \
+        'prohibit-start'] = \
+        'Compromised by Gremlins!'
+    _select_vm(qubes_manager, 'test-old')
+
+    qubes_manager.qubes_app.domains['test-standalone'].features[ \
+        'prohibit-start'] = \
+        'Do not update'
+    _select_vm(qubes_manager, 'test-standalone')
diff --git a/resources.qrc b/resources.qrc
@@ -3,6 +3,7 @@
     <file alias="add">icons/add.svg</file>
     <file alias="apps">icons/apps.svg</file>
     <file alias="backup">icons/backup.svg</file>
+    <file alias="ban">icons/ban.svg</file>
     <file alias="blank">icons/blank.svg</file>
     <file alias="checked">icons/checked.svg</file>
     <file alias="checkmark">icons/checkmark.svg</file>
