rm-rf: never cross mount points
This commit is contained in:
Lennart Poettering
parent
c687863750
commit
f25afeb6ab
|
|
@ -470,19 +470,74 @@ char* path_join(const char *root, const char *path, const char *rest) {
|
|||
NULL);
|
||||
}
|
||||
|
||||
int path_is_mount_point(const char *t, bool allow_symlink) {
|
||||
|
||||
int fd_is_mount_point(int fd) {
|
||||
union file_handle_union h = FILE_HANDLE_INIT;
|
||||
int mount_id = -1, mount_id_parent = -1;
|
||||
bool nosupp = false;
|
||||
struct stat a, b;
|
||||
int r;
|
||||
_cleanup_close_ int fd = -1;
|
||||
bool nosupp = false;
|
||||
|
||||
/* We are not actually interested in the file handles, but
|
||||
* name_to_handle_at() also passes us the mount ID, hence use
|
||||
* it but throw the handle away */
|
||||
|
||||
r = name_to_handle_at(fd, "", &h.handle, &mount_id, AT_EMPTY_PATH);
|
||||
if (r < 0) {
|
||||
if (errno == ENOSYS)
|
||||
/* This kernel does not support name_to_handle_at()
|
||||
* fall back to the traditional stat() logic. */
|
||||
goto fallback;
|
||||
else if (errno == EOPNOTSUPP)
|
||||
/* This kernel or file system does not support
|
||||
* name_to_handle_at(), hence let's see if the
|
||||
* upper fs supports it (in which case it is a
|
||||
* mount point), otherwise fallback to the
|
||||
* traditional stat() logic */
|
||||
nosupp = true;
|
||||
else if (errno == ENOENT)
|
||||
return 0;
|
||||
else
|
||||
return -errno;
|
||||
}
|
||||
|
||||
h.handle.handle_bytes = MAX_HANDLE_SZ;
|
||||
r = name_to_handle_at(fd, "..", &h.handle, &mount_id_parent, 0);
|
||||
if (r < 0) {
|
||||
if (errno == EOPNOTSUPP) {
|
||||
if (nosupp)
|
||||
/* Neither parent nor child do name_to_handle_at()?
|
||||
We have no choice but to fall back. */
|
||||
goto fallback;
|
||||
else
|
||||
/* The parent can't do name_to_handle_at() but the
|
||||
* directory we are interested in can?
|
||||
* If so, it must be a mount point. */
|
||||
return 1;
|
||||
} else
|
||||
return -errno;
|
||||
} else
|
||||
return mount_id != mount_id_parent;
|
||||
|
||||
fallback:
|
||||
r = fstatat(fd, "", &a, AT_EMPTY_PATH);
|
||||
if (r < 0) {
|
||||
if (errno == ENOENT)
|
||||
return 0;
|
||||
|
||||
return -errno;
|
||||
}
|
||||
|
||||
r = fstatat(fd, "..", &b, 0);
|
||||
if (r < 0)
|
||||
return -errno;
|
||||
|
||||
return a.st_dev != b.st_dev;
|
||||
}
|
||||
|
||||
int path_is_mount_point(const char *t, bool allow_symlink) {
|
||||
_cleanup_close_ int fd = -1;
|
||||
assert(t);
|
||||
|
||||
if (path_equal(t, "/"))
|
||||
return 1;
|
||||
|
||||
|
|
@ -494,59 +549,7 @@ int path_is_mount_point(const char *t, bool allow_symlink) {
|
|||
return -errno;
|
||||
}
|
||||
|
||||
r = name_to_handle_at(fd, "", &h.handle, &mount_id, AT_EMPTY_PATH);
|
||||
if (r < 0) {
|
||||
if (errno == ENOSYS)
|
||||
/* This kernel does not support name_to_handle_at()
|
||||
* fall back to the traditional stat() logic. */
|
||||
goto fallback;
|
||||
else if (errno == EOPNOTSUPP)
|
||||
/* This kernel or file system does not support
|
||||
* name_to_handle_at(), hence fallback to the
|
||||
* traditional stat() logic */
|
||||
nosupp = true;
|
||||
else if (errno == ENOENT)
|
||||
return 0;
|
||||
else
|
||||
return -errno;
|
||||
}
|
||||
|
||||
|
||||
h.handle.handle_bytes = MAX_HANDLE_SZ;
|
||||
r = name_to_handle_at(fd, "..", &h.handle, &mount_id_parent, 0);
|
||||
if (r < 0)
|
||||
if (errno == EOPNOTSUPP)
|
||||
if (nosupp)
|
||||
/* Neither parent nor child do name_to_handle_at()?
|
||||
We have no choice but to fall back. */
|
||||
goto fallback;
|
||||
else
|
||||
/* The parent can't do name_to_handle_at() but
|
||||
* the directory we are interested in can?
|
||||
* Or the other way around?
|
||||
* If so, it must be a mount point. */
|
||||
return 1;
|
||||
else
|
||||
return -errno;
|
||||
else
|
||||
return mount_id != mount_id_parent;
|
||||
|
||||
fallback:
|
||||
r = fstatat(fd, "", &a, AT_EMPTY_PATH);
|
||||
|
||||
if (r < 0) {
|
||||
if (errno == ENOENT)
|
||||
return 0;
|
||||
|
||||
return -errno;
|
||||
}
|
||||
|
||||
|
||||
r = fstatat(fd, "..", &b, 0);
|
||||
if (r < 0)
|
||||
return -errno;
|
||||
|
||||
return a.st_dev != b.st_dev;
|
||||
return fd_is_mount_point(fd);
|
||||
}
|
||||
|
||||
int path_is_read_only_fs(const char *path) {
|
||||
|
|
|
|||
|
|
@ -53,6 +53,7 @@ char** path_strv_make_absolute_cwd(char **l);
|
|||
char** path_strv_resolve(char **l, const char *prefix);
|
||||
char** path_strv_resolve_uniq(char **l, const char *prefix);
|
||||
|
||||
int fd_is_mount_point(int fd);
|
||||
int path_is_mount_point(const char *path, bool allow_symlink);
|
||||
int path_is_read_only_fs(const char *path);
|
||||
int path_is_os_tree(const char *path);
|
||||
|
|
|
|||
|
|
@ -89,7 +89,7 @@ int rm_rf_children(int fd, RemoveFlags flags, struct stat *root_dev) {
|
|||
if (is_dir) {
|
||||
int subdir_fd;
|
||||
|
||||
/* if root_dev is set, remove subdirectories only, if device is same as dir */
|
||||
/* if root_dev is set, remove subdirectories only if device is same */
|
||||
if (root_dev && st.st_dev != root_dev->st_dev)
|
||||
continue;
|
||||
|
||||
|
|
@ -100,6 +100,20 @@ int rm_rf_children(int fd, RemoveFlags flags, struct stat *root_dev) {
|
|||
continue;
|
||||
}
|
||||
|
||||
/* Stop at mount points */
|
||||
r = fd_is_mount_point(subdir_fd);
|
||||
if (r < 0) {
|
||||
if (ret == 0 && r != -ENOENT)
|
||||
ret = r;
|
||||
|
||||
safe_close(subdir_fd);
|
||||
continue;
|
||||
}
|
||||
if (r) {
|
||||
safe_close(subdir_fd);
|
||||
continue;
|
||||
}
|
||||
|
||||
/* We pass REMOVE_PHYSICAL here, to avoid
|
||||
* doing the fstatfs() to check the file
|
||||
* system type again for each directory */
|
||||
|
|
@ -162,7 +176,6 @@ int rm_rf(const char *path, RemoveFlags flags) {
|
|||
r = rm_rf_children(fd, flags, NULL);
|
||||
|
||||
if (flags & REMOVE_ROOT) {
|
||||
|
||||
if (rmdir(path) < 0 && errno != ENOENT) {
|
||||
if (r == 0)
|
||||
r = -errno;
|
||||
|
|
|
|||
Loading…
Reference in a new issue