]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/basic/rm-rf.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
tree-wide: drop license boilerplate
[thirdparty/systemd.git] / src / basic / rm-rf.c
1 /* SPDX-License-Identifier: LGPL-2.1+ */
2 /***
3 This file is part of systemd.
4
5 Copyright 2015 Lennart Poettering
6 ***/
7
8 #include <errno.h>
9 #include <fcntl.h>
10 #include <stdbool.h>
11 #include <stddef.h>
12 #include <sys/stat.h>
13 #include <sys/statfs.h>
14 #include <unistd.h>
15
16 #include "btrfs-util.h"
17 #include "cgroup-util.h"
18 #include "dirent-util.h"
19 #include "fd-util.h"
20 #include "log.h"
21 #include "macro.h"
22 #include "mount-util.h"
23 #include "path-util.h"
24 #include "rm-rf.h"
25 #include "stat-util.h"
26 #include "string-util.h"
27
28 static bool is_physical_fs(const struct statfs *sfs) {
29 return !is_temporary_fs(sfs) && !is_cgroup_fs(sfs);
30 }
31
32 int rm_rf_children(int fd, RemoveFlags flags, struct stat *root_dev) {
33 _cleanup_closedir_ DIR *d = NULL;
34 struct dirent *de;
35 int ret = 0, r;
36 struct statfs sfs;
37
38 assert(fd >= 0);
39
40 /* This returns the first error we run into, but nevertheless
41 * tries to go on. This closes the passed fd. */
42
43 if (!(flags & REMOVE_PHYSICAL)) {
44
45 r = fstatfs(fd, &sfs);
46 if (r < 0) {
47 safe_close(fd);
48 return -errno;
49 }
50
51 if (is_physical_fs(&sfs)) {
52 /* We refuse to clean physical file systems
53 * with this call, unless explicitly
54 * requested. This is extra paranoia just to
55 * be sure we never ever remove non-state
56 * data */
57
58 log_error("Attempted to remove disk file system, and we can't allow that.");
59 safe_close(fd);
60 return -EPERM;
61 }
62 }
63
64 d = fdopendir(fd);
65 if (!d) {
66 safe_close(fd);
67 return errno == ENOENT ? 0 : -errno;
68 }
69
70 FOREACH_DIRENT_ALL(de, d, return -errno) {
71 bool is_dir;
72 struct stat st;
73
74 if (dot_or_dot_dot(de->d_name))
75 continue;
76
77 if (de->d_type == DT_UNKNOWN ||
78 (de->d_type == DT_DIR && (root_dev || (flags & REMOVE_SUBVOLUME)))) {
79 if (fstatat(fd, de->d_name, &st, AT_SYMLINK_NOFOLLOW) < 0) {
80 if (ret == 0 && errno != ENOENT)
81 ret = -errno;
82 continue;
83 }
84
85 is_dir = S_ISDIR(st.st_mode);
86 } else
87 is_dir = de->d_type == DT_DIR;
88
89 if (is_dir) {
90 int subdir_fd;
91
92 /* if root_dev is set, remove subdirectories only if device is same */
93 if (root_dev && st.st_dev != root_dev->st_dev)
94 continue;
95
96 subdir_fd = openat(fd, de->d_name, O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC|O_NOFOLLOW|O_NOATIME);
97 if (subdir_fd < 0) {
98 if (ret == 0 && errno != ENOENT)
99 ret = -errno;
100 continue;
101 }
102
103 /* Stop at mount points */
104 r = fd_is_mount_point(fd, de->d_name, 0);
105 if (r < 0) {
106 if (ret == 0 && r != -ENOENT)
107 ret = r;
108
109 safe_close(subdir_fd);
110 continue;
111 }
112 if (r) {
113 safe_close(subdir_fd);
114 continue;
115 }
116
117 if ((flags & REMOVE_SUBVOLUME) && st.st_ino == 256) {
118
119 /* This could be a subvolume, try to remove it */
120
121 r = btrfs_subvol_remove_fd(fd, de->d_name, BTRFS_REMOVE_RECURSIVE|BTRFS_REMOVE_QUOTA);
122 if (r < 0) {
123 if (!IN_SET(r, -ENOTTY, -EINVAL)) {
124 if (ret == 0)
125 ret = r;
126
127 safe_close(subdir_fd);
128 continue;
129 }
130
131 /* ENOTTY, then it wasn't a
132 * btrfs subvolume, continue
133 * below. */
134 } else {
135 /* It was a subvolume, continue. */
136 safe_close(subdir_fd);
137 continue;
138 }
139 }
140
141 /* We pass REMOVE_PHYSICAL here, to avoid
142 * doing the fstatfs() to check the file
143 * system type again for each directory */
144 r = rm_rf_children(subdir_fd, flags | REMOVE_PHYSICAL, root_dev);
145 if (r < 0 && ret == 0)
146 ret = r;
147
148 if (unlinkat(fd, de->d_name, AT_REMOVEDIR) < 0) {
149 if (ret == 0 && errno != ENOENT)
150 ret = -errno;
151 }
152
153 } else if (!(flags & REMOVE_ONLY_DIRECTORIES)) {
154
155 if (unlinkat(fd, de->d_name, 0) < 0) {
156 if (ret == 0 && errno != ENOENT)
157 ret = -errno;
158 }
159 }
160 }
161 return ret;
162 }
163
164 int rm_rf(const char *path, RemoveFlags flags) {
165 int fd, r;
166 struct statfs s;
167
168 assert(path);
169
170 /* We refuse to clean the root file system with this
171 * call. This is extra paranoia to never cause a really
172 * seriously broken system. */
173 if (path_equal_or_files_same(path, "/", AT_SYMLINK_NOFOLLOW)) {
174 log_error("Attempted to remove entire root file system, and we can't allow that.");
175 return -EPERM;
176 }
177
178 if ((flags & (REMOVE_SUBVOLUME|REMOVE_ROOT|REMOVE_PHYSICAL)) == (REMOVE_SUBVOLUME|REMOVE_ROOT|REMOVE_PHYSICAL)) {
179 /* Try to remove as subvolume first */
180 r = btrfs_subvol_remove(path, BTRFS_REMOVE_RECURSIVE|BTRFS_REMOVE_QUOTA);
181 if (r >= 0)
182 return r;
183
184 if (!IN_SET(r, -ENOTTY, -EINVAL, -ENOTDIR))
185 return r;
186
187 /* Not btrfs or not a subvolume */
188 }
189
190 fd = open(path, O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC|O_NOFOLLOW|O_NOATIME);
191 if (fd < 0) {
192
193 if (!IN_SET(errno, ENOTDIR, ELOOP))
194 return -errno;
195
196 if (!(flags & REMOVE_PHYSICAL)) {
197 if (statfs(path, &s) < 0)
198 return -errno;
199
200 if (is_physical_fs(&s)) {
201 log_error("Attempted to remove disk file system, and we can't allow that.");
202 return -EPERM;
203 }
204 }
205
206 if ((flags & REMOVE_ROOT) && !(flags & REMOVE_ONLY_DIRECTORIES))
207 if (unlink(path) < 0 && errno != ENOENT)
208 return -errno;
209
210 return 0;
211 }
212
213 r = rm_rf_children(fd, flags, NULL);
214
215 if (flags & REMOVE_ROOT) {
216 if (rmdir(path) < 0) {
217 if (r == 0 && errno != ENOENT)
218 r = -errno;
219 }
220 }
221
222 return r;
223 }
Unnamed repository; edit this file 'description' to name the repository.