From: Lennart Poettering Date: Sat, 4 Apr 2015 12:42:39 +0000 (+0200) Subject: rm-rf: never cross mount points X-Git-Tag: v226.4~1^2~525 X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=commitdiff_plain;h=34da583ada206b2d4b5431a90c67a771c62e604d;ds=sidebyside rm-rf: never cross mount points --- diff --git a/src/shared/path-util.c b/src/shared/path-util.c index 53c007976..6a984fc1d 100644 --- a/src/shared/path-util.c +++ b/src/shared/path-util.c @@ -470,30 +470,17 @@ char* path_join(const char *root, const char *path, const char *rest) { NULL); } -int path_is_mount_point(const char *t, bool allow_symlink) { - +int fd_is_mount_point(int fd) { union file_handle_union h = FILE_HANDLE_INIT; int mount_id = -1, mount_id_parent = -1; + bool nosupp = false; struct stat a, b; int r; - _cleanup_close_ int fd = -1; - bool nosupp = false; /* We are not actually interested in the file handles, but * name_to_handle_at() also passes us the mount ID, hence use * it but throw the handle away */ - if (path_equal(t, "/")) - return 1; - - fd = openat(AT_FDCWD, t, O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC|(allow_symlink ? 0 : O_PATH)); - if (fd < 0) { - if (errno == ENOENT) - return 0; - - return -errno; - } - r = name_to_handle_at(fd, "", &h.handle, &mount_id, AT_EMPTY_PATH); if (r < 0) { if (errno == ENOSYS) @@ -502,7 +489,9 @@ int path_is_mount_point(const char *t, bool allow_symlink) { goto fallback; else if (errno == EOPNOTSUPP) /* This kernel or file system does not support - * name_to_handle_at(), hence fallback to the + * name_to_handle_at(), hence let's see if the + * upper fs supports it (in which case it is a + * mount point), otherwise fallback to the * traditional stat() logic */ nosupp = true; else if (errno == ENOENT) @@ -511,29 +500,26 @@ int path_is_mount_point(const char *t, bool allow_symlink) { return -errno; } - h.handle.handle_bytes = MAX_HANDLE_SZ; r = name_to_handle_at(fd, "..", &h.handle, &mount_id_parent, 0); - if (r < 0) - if (errno == EOPNOTSUPP) + if (r < 0) { + if (errno == EOPNOTSUPP) { if (nosupp) /* Neither parent nor child do name_to_handle_at()? We have no choice but to fall back. */ goto fallback; else - /* The parent can't do name_to_handle_at() but - * the directory we are interested in can? - * Or the other way around? + /* The parent can't do name_to_handle_at() but the + * directory we are interested in can? * If so, it must be a mount point. */ return 1; - else + } else return -errno; - else + } else return mount_id != mount_id_parent; fallback: r = fstatat(fd, "", &a, AT_EMPTY_PATH); - if (r < 0) { if (errno == ENOENT) return 0; @@ -541,7 +527,6 @@ fallback: return -errno; } - r = fstatat(fd, "..", &b, 0); if (r < 0) return -errno; @@ -549,6 +534,24 @@ fallback: return a.st_dev != b.st_dev; } +int path_is_mount_point(const char *t, bool allow_symlink) { + _cleanup_close_ int fd = -1; + assert(t); + + if (path_equal(t, "/")) + return 1; + + fd = openat(AT_FDCWD, t, O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC|(allow_symlink ? 0 : O_PATH)); + if (fd < 0) { + if (errno == ENOENT) + return 0; + + return -errno; + } + + return fd_is_mount_point(fd); +} + int path_is_read_only_fs(const char *path) { struct statvfs st; diff --git a/src/shared/path-util.h b/src/shared/path-util.h index ca81b49cb..5548ce4a9 100644 --- a/src/shared/path-util.h +++ b/src/shared/path-util.h @@ -53,6 +53,7 @@ char** path_strv_make_absolute_cwd(char **l); char** path_strv_resolve(char **l, const char *prefix); char** path_strv_resolve_uniq(char **l, const char *prefix); +int fd_is_mount_point(int fd); int path_is_mount_point(const char *path, bool allow_symlink); int path_is_read_only_fs(const char *path); int path_is_os_tree(const char *path); diff --git a/src/shared/rm-rf.c b/src/shared/rm-rf.c index 99d12b11c..eeb2e3919 100644 --- a/src/shared/rm-rf.c +++ b/src/shared/rm-rf.c @@ -89,7 +89,7 @@ int rm_rf_children(int fd, RemoveFlags flags, struct stat *root_dev) { if (is_dir) { int subdir_fd; - /* if root_dev is set, remove subdirectories only, if device is same as dir */ + /* if root_dev is set, remove subdirectories only if device is same */ if (root_dev && st.st_dev != root_dev->st_dev) continue; @@ -100,6 +100,20 @@ int rm_rf_children(int fd, RemoveFlags flags, struct stat *root_dev) { continue; } + /* Stop at mount points */ + r = fd_is_mount_point(subdir_fd); + if (r < 0) { + if (ret == 0 && r != -ENOENT) + ret = r; + + safe_close(subdir_fd); + continue; + } + if (r) { + safe_close(subdir_fd); + continue; + } + /* We pass REMOVE_PHYSICAL here, to avoid * doing the fstatfs() to check the file * system type again for each directory */ @@ -162,7 +176,6 @@ int rm_rf(const char *path, RemoveFlags flags) { r = rm_rf_children(fd, flags, NULL); if (flags & REMOVE_ROOT) { - if (rmdir(path) < 0 && errno != ENOENT) { if (r == 0) r = -errno;