Prevent VM from starting

[GammaSQ]

The problem you're addressing (if any)

Some operations require a VM to be shutdown. (removing persistently attached devices, attaching private storage as drive to another VM, renaming, etc.)

Some qubes-internal requirements automatically start a VM, such as persistently attached storage, rpm-requests, ...

These requirements can therefore continuously start a VM and prohibit work that needs a shut-down VM, prohibiting such work.

Or in a malicious setting: A currently paused VM (because an attack might be happening that needs analysis) can be unpaused by qvm-run, which might be part of some rpc-services.

The solution you'd like

I'm unsure. The most obvious solution seems to be a simple "prohibit this VM from (re)starting"-option. However, I landed in this situation due to some misconfiguration I had forgotten (semi-related: #9683 ) so adding another config that is rarely used only shifts the problem. I haven't given any thought to how a "don't unpause"-interface would look like.

So I suggest to introduce "inhibit restart for 30 minutes" in the UI and expose some kind of option to the CLI-tool that will be used to achieve this, e.g. "--prohibit-start-forever". A highlight in the QubeManager for such inhibited VMs should happen in both cases.

The value to a user, and who that user might be

Very little. Multiple things have to go wrong for such functionality to be of any use. Even when it is useful, I don't think it would be operation-critical, just alleviate some headache.

Completion criteria checklist

(This section is for developer use only. Please do not modify it.)

[marmarek]

Duplicate of #9622

[github-actions]

This issue has been closed as a "duplicate." This means that another issue exists that is very similar to or subsumes this one. If any useful information on this issue is not already present on the other issue, please add it in a comment on the other issue. Here are some common cases of duplicate issues:

• The other issue is closed. The other issue being closed does not prevent this issue from duplicating it. We will examine the closed issue and, if appropriate, reopen it.
• The other issue is for a different Qubes release. We usually maintain only one issue for all affected Qubes releases.
• The other issue is very old. The mere age of an issue is not, by itself, a relevant factor when determining duplicates.

By default, the newer issue will be closed in favor of the older issue. However, we make exceptions when we determine that it would be significantly more useful to keep the newer issue open instead of the older one.

We respect the time and effort you have taken to file this issue, and we understand that this outcome may be unsatisfying. Please accept our sincere apologies and know that we greatly value your participation and membership in the Qubes community.

If anyone reading this believes that this issue was closed in error or that the resolution of "duplicate" is not accurate, please leave a comment below saying so, and we will review this issue again. For more information, see How issues get closed.