summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLennart Poettering <lennart@poettering.net>2015-04-04 14:42:39 +0200
committerLennart Poettering <lennart@poettering.net>2015-04-06 10:57:53 +0200
commitf25afeb6ab515cf890eff58c0b53cf35b2be0e05 (patch)
treea5d852813c41728861aee2001d047f94c7892290
parentc6878637502b1717a110a9a7e8bba32a8583fcdf (diff)
rm-rf: never cross mount points
-rw-r--r--src/shared/path-util.c55
-rw-r--r--src/shared/path-util.h1
-rw-r--r--src/shared/rm-rf.c17
3 files changed, 45 insertions, 28 deletions
diff --git a/src/shared/path-util.c b/src/shared/path-util.c
index 53c0079760..6a984fc1d8 100644
--- a/src/shared/path-util.c
+++ b/src/shared/path-util.c
@@ -470,30 +470,17 @@ char* path_join(const char *root, const char *path, const char *rest) {
NULL);
}
-int path_is_mount_point(const char *t, bool allow_symlink) {
-
+int fd_is_mount_point(int fd) {
union file_handle_union h = FILE_HANDLE_INIT;
int mount_id = -1, mount_id_parent = -1;
+ bool nosupp = false;
struct stat a, b;
int r;
- _cleanup_close_ int fd = -1;
- bool nosupp = false;
/* We are not actually interested in the file handles, but
* name_to_handle_at() also passes us the mount ID, hence use
* it but throw the handle away */
- if (path_equal(t, "/"))
- return 1;
-
- fd = openat(AT_FDCWD, t, O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC|(allow_symlink ? 0 : O_PATH));
- if (fd < 0) {
- if (errno == ENOENT)
- return 0;
-
- return -errno;
- }
-
r = name_to_handle_at(fd, "", &h.handle, &mount_id, AT_EMPTY_PATH);
if (r < 0) {
if (errno == ENOSYS)
@@ -502,7 +489,9 @@ int path_is_mount_point(const char *t, bool allow_symlink) {
goto fallback;
else if (errno == EOPNOTSUPP)
/* This kernel or file system does not support
- * name_to_handle_at(), hence fallback to the
+ * name_to_handle_at(), hence let's see if the
+ * upper fs supports it (in which case it is a
+ * mount point), otherwise fallback to the
* traditional stat() logic */
nosupp = true;
else if (errno == ENOENT)
@@ -511,29 +500,26 @@ int path_is_mount_point(const char *t, bool allow_symlink) {
return -errno;
}
-
h.handle.handle_bytes = MAX_HANDLE_SZ;
r = name_to_handle_at(fd, "..", &h.handle, &mount_id_parent, 0);
- if (r < 0)
- if (errno == EOPNOTSUPP)
+ if (r < 0) {
+ if (errno == EOPNOTSUPP) {
if (nosupp)
/* Neither parent nor child do name_to_handle_at()?
We have no choice but to fall back. */
goto fallback;
else
- /* The parent can't do name_to_handle_at() but
- * the directory we are interested in can?
- * Or the other way around?
+ /* The parent can't do name_to_handle_at() but the
+ * directory we are interested in can?
* If so, it must be a mount point. */
return 1;
- else
+ } else
return -errno;
- else
+ } else
return mount_id != mount_id_parent;
fallback:
r = fstatat(fd, "", &a, AT_EMPTY_PATH);
-
if (r < 0) {
if (errno == ENOENT)
return 0;
@@ -541,7 +527,6 @@ fallback:
return -errno;
}
-
r = fstatat(fd, "..", &b, 0);
if (r < 0)
return -errno;
@@ -549,6 +534,24 @@ fallback:
return a.st_dev != b.st_dev;
}
+int path_is_mount_point(const char *t, bool allow_symlink) {
+ _cleanup_close_ int fd = -1;
+ assert(t);
+
+ if (path_equal(t, "/"))
+ return 1;
+
+ fd = openat(AT_FDCWD, t, O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC|(allow_symlink ? 0 : O_PATH));
+ if (fd < 0) {
+ if (errno == ENOENT)
+ return 0;
+
+ return -errno;
+ }
+
+ return fd_is_mount_point(fd);
+}
+
int path_is_read_only_fs(const char *path) {
struct statvfs st;
diff --git a/src/shared/path-util.h b/src/shared/path-util.h
index ca81b49cbf..5548ce4a94 100644
--- a/src/shared/path-util.h
+++ b/src/shared/path-util.h
@@ -53,6 +53,7 @@ char** path_strv_make_absolute_cwd(char **l);
char** path_strv_resolve(char **l, const char *prefix);
char** path_strv_resolve_uniq(char **l, const char *prefix);
+int fd_is_mount_point(int fd);
int path_is_mount_point(const char *path, bool allow_symlink);
int path_is_read_only_fs(const char *path);
int path_is_os_tree(const char *path);
diff --git a/src/shared/rm-rf.c b/src/shared/rm-rf.c
index 99d12b11c6..eeb2e39196 100644
--- a/src/shared/rm-rf.c
+++ b/src/shared/rm-rf.c
@@ -89,7 +89,7 @@ int rm_rf_children(int fd, RemoveFlags flags, struct stat *root_dev) {
if (is_dir) {
int subdir_fd;
- /* if root_dev is set, remove subdirectories only, if device is same as dir */
+ /* if root_dev is set, remove subdirectories only if device is same */
if (root_dev && st.st_dev != root_dev->st_dev)
continue;
@@ -100,6 +100,20 @@ int rm_rf_children(int fd, RemoveFlags flags, struct stat *root_dev) {
continue;
}
+ /* Stop at mount points */
+ r = fd_is_mount_point(subdir_fd);
+ if (r < 0) {
+ if (ret == 0 && r != -ENOENT)
+ ret = r;
+
+ safe_close(subdir_fd);
+ continue;
+ }
+ if (r) {
+ safe_close(subdir_fd);
+ continue;
+ }
+
/* We pass REMOVE_PHYSICAL here, to avoid
* doing the fstatfs() to check the file
* system type again for each directory */
@@ -162,7 +176,6 @@ int rm_rf(const char *path, RemoveFlags flags) {
r = rm_rf_children(fd, flags, NULL);
if (flags & REMOVE_ROOT) {
-
if (rmdir(path) < 0 && errno != ENOENT) {
if (r == 0)
r = -errno;