From c2f64c07c1dd317e5698b672a91bf8ba5726c948 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Fri, 29 Mar 2019 16:09:49 +0100
Subject: [PATCH] rm-rf: refuse combining REMOVE_ONLY_DIRECTORIES and
 REMOVE_SUBVOLUME for now

It's not easy to implement such a combined operation race-freely since
dropping a subvolume will drop all its contents, including any
non-directories.

Hence, let's just not support this combination for now. Which isn't much
of a loss, since we never combine these flags anyway.
---
 src/basic/rm-rf.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/basic/rm-rf.c b/src/basic/rm-rf.c
index 0c957c9b3a..acc0f88cd2 100644
--- a/src/basic/rm-rf.c
+++ b/src/basic/rm-rf.c
@@ -165,6 +165,11 @@ int rm_rf(const char *path, RemoveFlags flags) {
 
         assert(path);
 
+        /* For now, don't support dropping subvols when also only dropping directories, since we can't do
+         * this race-freely. */
+        if (FLAGS_SET(flags, REMOVE_ONLY_DIRECTORIES|REMOVE_SUBVOLUME))
+                return -EINVAL;
+
         /* We refuse to clean the root file system with this
          * call. This is extra paranoia to never cause a really
          * seriously broken system. */