basic/rm-rf: allow a symlink to / to be removed

We open the target path with O_DIRECTORY|O_NOFOLLOW, and if that doesn't work,
we call unlink() on the path. In neither case we will follow the symlink, so
we can relax our check to also not follow symlinks.

Fixes #5864.

diff --git a/src/basic/rm-rf.c b/src/basic/rm-rf.c
index 225a212963e0e4f2160b53d961cb4b9fa3ff674a..156366c7d1487f419697d7ae3808829ccfd1b578 100644 (file)
--- a/src/basic/rm-rf.c
+++ b/src/basic/rm-rf.c
@@ -184,7 +184,7 @@ int rm_rf(const char *path, RemoveFlags flags) {
         /* We refuse to clean the root file system with this
          * call. This is extra paranoia to never cause a really
          * seriously broken system. */
-        if (path_equal_or_files_same(path, "/", 0)) {
+        if (path_equal_or_files_same(path, "/", AT_SYMLINK_NOFOLLOW)) {
                 log_error("Attempted to remove entire root file system, and we can't allow that.");
                 return -EPERM;
         }