[Devel] [PATCH 1/1] disable vz_trusted_exec feature

Denis V. Lunev den at openvz.org
Wed Nov 27 19:20:48 MSK 2024


This feature has gone away along with the container code, which has been removed.

Signed-off-by: Denis V. Lunev <den at openvz.org>
---
 lib/ploop.c | 41 -----------------------------------------
 1 file changed, 41 deletions(-)

diff --git a/lib/ploop.c b/lib/ploop.c
index 55692bd..5534a0e 100644
--- a/lib/ploop.c
+++ b/lib/ploop.c
@@ -1705,40 +1705,6 @@ int mknod_with_name(const char *name)
 	return get_free_minor(name, NULL, 0);
 }
 
-static int blockdev_set_untrusted(const char *devname)
-{
-	int fd;
-	char pathbuf[128];
-	char buf[2] = { '0', '\n' };
-	struct stat st;
-
-	ploop_log(3, "Set untrusted %s", devname);
-	if (stat(devname, &st)) {
-		ploop_err(errno, "CAn't stat %s", devname);
-		return SYSEXIT_FSTAT;
-	}
-
-	snprintf(pathbuf, sizeof(pathbuf), "/sys/dev/block/%d:%d/vz_trusted_exec",
-			major(st.st_rdev), minor(st.st_rdev));
-	fd = open(pathbuf, O_WRONLY);
-	if (fd == -1) {
-		ploop_err(errno, "Can't open %s for write",
-			pathbuf);
-		return -1;
-	}
-
-	if (write(fd, buf, sizeof(buf)) != 2) {
-		ploop_err(errno, "Failed to write '%c' to %s",
-			buf[0], pathbuf);
-		close(fd);
-		return -1;
-	}
-
-	close(fd);
-
-	return 0;
-}
-
 int add_delta(char **images,  char *devname, int minor, int blocksize,
 		int raw, int ro, int size)
 {
@@ -2721,13 +2687,6 @@ int ploop_mount(struct ploop_disk_images_data *di, char **images,
 			partname, sizeof(partname));
 	if (ret)
 		goto err_stop;
-	/*
-	 * Disallow accidental code execution from a newly created block device
-	 * from an image.
-	 */
-	ret = blockdev_set_untrusted(partname);
-	if (ret)
-		goto err_stop;
 
 	if (target != NULL || param->automount) {
 		if (target == NULL) {
-- 
2.43.5


