shaba/systemd
1
0
Fork 0
mirror of https://github.com/systemd/systemd.git synced 2025-03-19 22:50:17 +03:00
Code

rm-rf: never cross mount points

Browse Source
This commit is contained in:
Lennart Poettering 2015-04-04 14:42:39 +02:00
parent c687863750
commit f25afeb6ab
3 changed files with 76 additions and 59 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

117
src/shared/path-util.c
View File

@ -470,19 +470,74 @@ char* path_join(const char *root, const char *path, const char *rest) {
NULL); NULL);
} }
int path_is_mount_point(const char *t, bool allow_symlink) { int fd_is_mount_point(int fd) {
union file_handle_union h = FILE_HANDLE_INIT; union file_handle_union h = FILE_HANDLE_INIT;
int mount_id = -1, mount_id_parent = -1; int mount_id = -1, mount_id_parent = -1;
bool nosupp = false;
struct stat a, b; struct stat a, b;
int r; int r;
_cleanup_close_ int fd = -1;
bool nosupp = false;
/* We are not actually interested in the file handles, but /* We are not actually interested in the file handles, but
* name_to_handle_at() also passes us the mount ID, hence use * name_to_handle_at() also passes us the mount ID, hence use
* it but throw the handle away */ * it but throw the handle away */
r = name_to_handle_at(fd, "", &h.handle, &mount_id, AT_EMPTY_PATH);
if (r < 0) {
if (errno == ENOSYS)
/* This kernel does not support name_to_handle_at()
* fall back to the traditional stat() logic. */
goto fallback;
else if (errno == EOPNOTSUPP)
/* This kernel or file system does not support
* name_to_handle_at(), hence let's see if the
* upper fs supports it (in which case it is a
* mount point), otherwise fallback to the
* traditional stat() logic */
nosupp = true;
else if (errno == ENOENT)
return 0;
else
return -errno;
}
h.handle.handle_bytes = MAX_HANDLE_SZ;
r = name_to_handle_at(fd, "..", &h.handle, &mount_id_parent, 0);
if (r < 0) {
if (errno == EOPNOTSUPP) {
if (nosupp)
/* Neither parent nor child do name_to_handle_at()?
We have no choice but to fall back. */
goto fallback;
else
/* The parent can't do name_to_handle_at() but the
* directory we are interested in can?
* If so, it must be a mount point. */
return 1;
} else
return -errno;
} else
return mount_id != mount_id_parent;
fallback:
r = fstatat(fd, "", &a, AT_EMPTY_PATH);
if (r < 0) {
if (errno == ENOENT)
return 0;
return -errno;
}
r = fstatat(fd, "..", &b, 0);
if (r < 0)
return -errno;
return a.st_dev != b.st_dev;
}
int path_is_mount_point(const char *t, bool allow_symlink) {
_cleanup_close_ int fd = -1;
assert(t);
if (path_equal(t, "/")) if (path_equal(t, "/"))
return 1; return 1;
@ -494,59 +549,7 @@ int path_is_mount_point(const char *t, bool allow_symlink) {
return -errno; return -errno;
} }
r = name_to_handle_at(fd, "", &h.handle, &mount_id, AT_EMPTY_PATH); return fd_is_mount_point(fd);
if (r < 0) {
if (errno == ENOSYS)
/* This kernel does not support name_to_handle_at()
* fall back to the traditional stat() logic. */
goto fallback;
else if (errno == EOPNOTSUPP)
/* This kernel or file system does not support
* name_to_handle_at(), hence fallback to the
* traditional stat() logic */
nosupp = true;
else if (errno == ENOENT)
return 0;
else
return -errno;
}
h.handle.handle_bytes = MAX_HANDLE_SZ;
r = name_to_handle_at(fd, "..", &h.handle, &mount_id_parent, 0);
if (r < 0)
if (errno == EOPNOTSUPP)
if (nosupp)
/* Neither parent nor child do name_to_handle_at()?
We have no choice but to fall back. */
goto fallback;
else
/* The parent can't do name_to_handle_at() but
* the directory we are interested in can?
* Or the other way around?
* If so, it must be a mount point. */
return 1;
else
return -errno;
else
return mount_id != mount_id_parent;
fallback:
r = fstatat(fd, "", &a, AT_EMPTY_PATH);
if (r < 0) {
if (errno == ENOENT)
return 0;
return -errno;
}
r = fstatat(fd, "..", &b, 0);
if (r < 0)
return -errno;
return a.st_dev != b.st_dev;
} }
int path_is_read_only_fs(const char *path) { int path_is_read_only_fs(const char *path) {

1
src/shared/path-util.h
View File

@ -53,6 +53,7 @@ char** path_strv_make_absolute_cwd(char **l);
char** path_strv_resolve(char **l, const char *prefix); char** path_strv_resolve(char **l, const char *prefix);
char** path_strv_resolve_uniq(char **l, const char *prefix); char** path_strv_resolve_uniq(char **l, const char *prefix);
int fd_is_mount_point(int fd);
int path_is_mount_point(const char *path, bool allow_symlink); int path_is_mount_point(const char *path, bool allow_symlink);
int path_is_read_only_fs(const char *path); int path_is_read_only_fs(const char *path);
int path_is_os_tree(const char *path); int path_is_os_tree(const char *path);

17
src/shared/rm-rf.c
View File

@ -89,7 +89,7 @@ int rm_rf_children(int fd, RemoveFlags flags, struct stat *root_dev) {
if (is_dir) { if (is_dir) {
int subdir_fd; int subdir_fd;
/* if root_dev is set, remove subdirectories only, if device is same as dir */ /* if root_dev is set, remove subdirectories only if device is same */
if (root_dev && st.st_dev != root_dev->st_dev) if (root_dev && st.st_dev != root_dev->st_dev)
continue; continue;
@ -100,6 +100,20 @@ int rm_rf_children(int fd, RemoveFlags flags, struct stat *root_dev) {
continue; continue;
} }
/* Stop at mount points */
r = fd_is_mount_point(subdir_fd);
if (r < 0) {
if (ret == 0 && r != -ENOENT)
ret = r;
safe_close(subdir_fd);
continue;
}
if (r) {
safe_close(subdir_fd);
continue;
}
/* We pass REMOVE_PHYSICAL here, to avoid /* We pass REMOVE_PHYSICAL here, to avoid
* doing the fstatfs() to check the file * doing the fstatfs() to check the file
* system type again for each directory */ * system type again for each directory */
@ -162,7 +176,6 @@ int rm_rf(const char *path, RemoveFlags flags) {
r = rm_rf_children(fd, flags, NULL); r = rm_rf_children(fd, flags, NULL);
if (flags & REMOVE_ROOT) { if (flags & REMOVE_ROOT) {
if (rmdir(path) < 0 && errno != ENOENT) { if (rmdir(path) < 0 && errno != ENOENT) {
if (r == 0) if (r == 0)
r = -errno; r = -errno;