We open the target path with O_DIRECTORY|O_NOFOLLOW, and if that doesn't work,
we call unlink() on the path. In neither case we will follow the symlink, so
we can relax our check to also not follow symlinks.
Fixes #5864.
/* We refuse to clean the root file system with this
* call. This is extra paranoia to never cause a really
* seriously broken system. */
- if (path_equal_or_files_same(path, "/", 0)) {
+ if (path_equal_or_files_same(path, "/", AT_SYMLINK_NOFOLLOW)) {
log_error("Attempted to remove entire root file system, and we can't allow that.");
return -EPERM;
}