From f25afeb6ab515cf890eff58c0b53cf35b2be0e05 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Sat, 4 Apr 2015 14:42:39 +0200 Subject: rm-rf: never cross mount points --- src/shared/path-util.c | 55 ++++++++++++++++++++++++++------------------------ 1 file changed, 29 insertions(+), 26 deletions(-) (limited to 'src/shared/path-util.c') diff --git a/src/shared/path-util.c b/src/shared/path-util.c index 53c0079760..6a984fc1d8 100644 --- a/src/shared/path-util.c +++ b/src/shared/path-util.c @@ -470,30 +470,17 @@ char* path_join(const char *root, const char *path, const char *rest) { NULL); } -int path_is_mount_point(const char *t, bool allow_symlink) { - +int fd_is_mount_point(int fd) { union file_handle_union h = FILE_HANDLE_INIT; int mount_id = -1, mount_id_parent = -1; + bool nosupp = false; struct stat a, b; int r; - _cleanup_close_ int fd = -1; - bool nosupp = false; /* We are not actually interested in the file handles, but * name_to_handle_at() also passes us the mount ID, hence use * it but throw the handle away */ - if (path_equal(t, "/")) - return 1; - - fd = openat(AT_FDCWD, t, O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC|(allow_symlink ? 0 : O_PATH)); - if (fd < 0) { - if (errno == ENOENT) - return 0; - - return -errno; - } - r = name_to_handle_at(fd, "", &h.handle, &mount_id, AT_EMPTY_PATH); if (r < 0) { if (errno == ENOSYS) @@ -502,7 +489,9 @@ int path_is_mount_point(const char *t, bool allow_symlink) { goto fallback; else if (errno == EOPNOTSUPP) /* This kernel or file system does not support - * name_to_handle_at(), hence fallback to the + * name_to_handle_at(), hence let's see if the + * upper fs supports it (in which case it is a + * mount point), otherwise fallback to the * traditional stat() logic */ nosupp = true; else if (errno == ENOENT) @@ -511,29 +500,26 @@ int path_is_mount_point(const char *t, bool allow_symlink) { return -errno; } - h.handle.handle_bytes = MAX_HANDLE_SZ; r = name_to_handle_at(fd, "..", &h.handle, &mount_id_parent, 0); - if (r < 0) - if (errno == EOPNOTSUPP) + if (r < 0) { + if (errno == EOPNOTSUPP) { if (nosupp) /* Neither parent nor child do name_to_handle_at()? We have no choice but to fall back. */ goto fallback; else - /* The parent can't do name_to_handle_at() but - * the directory we are interested in can? - * Or the other way around? + /* The parent can't do name_to_handle_at() but the + * directory we are interested in can? * If so, it must be a mount point. */ return 1; - else + } else return -errno; - else + } else return mount_id != mount_id_parent; fallback: r = fstatat(fd, "", &a, AT_EMPTY_PATH); - if (r < 0) { if (errno == ENOENT) return 0; @@ -541,7 +527,6 @@ fallback: return -errno; } - r = fstatat(fd, "..", &b, 0); if (r < 0) return -errno; @@ -549,6 +534,24 @@ fallback: return a.st_dev != b.st_dev; } +int path_is_mount_point(const char *t, bool allow_symlink) { + _cleanup_close_ int fd = -1; + assert(t); + + if (path_equal(t, "/")) + return 1; + + fd = openat(AT_FDCWD, t, O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC|(allow_symlink ? 0 : O_PATH)); + if (fd < 0) { + if (errno == ENOENT) + return 0; + + return -errno; + } + + return fd_is_mount_point(fd); +} + int path_is_read_only_fs(const char *path) { struct statvfs st; -- cgit v1.2.3-54-g00ecf