src/basic/rm-rf.c

   1 /***
   2   This file is part of systemd.
   3
   4   Copyright 2015 Lennart Poettering
   5
   6   systemd is free software; you can redistribute it and/or modify it
   7   under the terms of the GNU Lesser General Public License as published by
   8   the Free Software Foundation; either version 2.1 of the License, or
   9   (at your option) any later version.
  10
  11   systemd is distributed in the hope that it will be useful, but
  12   WITHOUT ANY WARRANTY; without even the implied warranty of
  13   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  14   Lesser General Public License for more details.
  15
  16   You should have received a copy of the GNU Lesser General Public License
  17   along with systemd; If not, see <http://www.gnu.org/licenses/>.
  18 ***/
  19
  20 #include <dirent.h>
  21 #include <errno.h>
  22 #include <fcntl.h>
  23 #include <stdbool.h>
  24 #include <stddef.h>
  25 #include <sys/stat.h>
  26 #include <sys/statfs.h>
  27 #include <unistd.h>
  28
  29 #include "btrfs-util.h"
  30 #include "cgroup-util.h"
  31 #include "fd-util.h"
  32 #include "log.h"
  33 #include "macro.h"
  34 #include "mount-util.h"
  35 #include "path-util.h"
  36 #include "rm-rf.h"
  37 #include "stat-util.h"
  38 #include "string-util.h"
  39
  40 static bool is_physical_fs(const struct statfs *sfs) {
  41         return !is_temporary_fs(sfs) && !is_cgroup_fs(sfs);
  42 }
  43
  44 int rm_rf_children(int fd, RemoveFlags flags, struct stat *root_dev) {
  45         _cleanup_closedir_ DIR *d = NULL;
  46         int ret = 0, r;
  47         struct statfs sfs;
  48
  49         assert(fd >= 0);
  50
  51         /* This returns the first error we run into, but nevertheless
  52          * tries to go on. This closes the passed fd. */
  53
  54         if (!(flags & REMOVE_PHYSICAL)) {
  55
  56                 r = fstatfs(fd, &sfs);
  57                 if (r < 0) {
  58                         safe_close(fd);
  59                         return -errno;
  60                 }
  61
  62                 if (is_physical_fs(&sfs)) {
  63                         /* We refuse to clean physical file systems
  64                          * with this call, unless explicitly
  65                          * requested. This is extra paranoia just to
  66                          * be sure we never ever remove non-state
  67                          * data */
  68
  69                         log_error("Attempted to remove disk file system, and we can't allow that.");
  70                         safe_close(fd);
  71                         return -EPERM;
  72                 }
  73         }
  74
  75         d = fdopendir(fd);
  76         if (!d) {
  77                 safe_close(fd);
  78                 return errno == ENOENT ? 0 : -errno;
  79         }
  80
  81         for (;;) {
  82                 struct dirent *de;
  83                 bool is_dir;
  84                 struct stat st;
  85
  86                 errno = 0;
  87                 de = readdir(d);
  88                 if (!de) {
  89                         if (errno > 0 && ret == 0)
  90                                 ret = -errno;
  91                         return ret;
  92                 }
  93
  94                 if (streq(de->d_name, ".") || streq(de->d_name, ".."))
  95                         continue;
  96
  97                 if (de->d_type == DT_UNKNOWN ||
  98                     (de->d_type == DT_DIR && (root_dev || (flags & REMOVE_SUBVOLUME)))) {
  99                         if (fstatat(fd, de->d_name, &st, AT_SYMLINK_NOFOLLOW) < 0) {
 100                                 if (ret == 0 && errno != ENOENT)
 101                                         ret = -errno;
 102                                 continue;
 103                         }
 104
 105                         is_dir = S_ISDIR(st.st_mode);
 106                 } else
 107                         is_dir = de->d_type == DT_DIR;
 108
 109                 if (is_dir) {
 110                         int subdir_fd;
 111
 112                         /* if root_dev is set, remove subdirectories only if device is same */
 113                         if (root_dev && st.st_dev != root_dev->st_dev)
 114                                 continue;
 115
 116                         subdir_fd = openat(fd, de->d_name, O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC|O_NOFOLLOW|O_NOATIME);
 117                         if (subdir_fd < 0) {
 118                                 if (ret == 0 && errno != ENOENT)
 119                                         ret = -errno;
 120                                 continue;
 121                         }
 122
 123                         /* Stop at mount points */
 124                         r = fd_is_mount_point(fd, de->d_name, 0);
 125                         if (r < 0) {
 126                                 if (ret == 0 && r != -ENOENT)
 127                                         ret = r;
 128
 129                                 safe_close(subdir_fd);
 130                                 continue;
 131                         }
 132                         if (r) {
 133                                 safe_close(subdir_fd);
 134                                 continue;
 135                         }
 136
 137                         if ((flags & REMOVE_SUBVOLUME) && st.st_ino == 256) {
 138
 139                                 /* This could be a subvolume, try to remove it */
 140
 141                                 r = btrfs_subvol_remove_fd(fd, de->d_name, BTRFS_REMOVE_RECURSIVE|BTRFS_REMOVE_QUOTA);
 142                                 if (r < 0) {
 143                                         if (r != -ENOTTY && r != -EINVAL) {
 144                                                 if (ret == 0)
 145                                                         ret = r;
 146
 147                                                 safe_close(subdir_fd);
 148                                                 continue;
 149                                         }
 150
 151                                         /* ENOTTY, then it wasn't a
 152                                          * btrfs subvolume, continue
 153                                          * below. */
 154                                 } else {
 155                                         /* It was a subvolume, continue. */
 156                                         safe_close(subdir_fd);
 157                                         continue;
 158                                 }
 159                         }
 160
 161                         /* We pass REMOVE_PHYSICAL here, to avoid
 162                          * doing the fstatfs() to check the file
 163                          * system type again for each directory */
 164                         r = rm_rf_children(subdir_fd, flags | REMOVE_PHYSICAL, root_dev);
 165                         if (r < 0 && ret == 0)
 166                                 ret = r;
 167
 168                         if (unlinkat(fd, de->d_name, AT_REMOVEDIR) < 0) {
 169                                 if (ret == 0 && errno != ENOENT)
 170                                         ret = -errno;
 171                         }
 172
 173                 } else if (!(flags & REMOVE_ONLY_DIRECTORIES)) {
 174
 175                         if (unlinkat(fd, de->d_name, 0) < 0) {
 176                                 if (ret == 0 && errno != ENOENT)
 177                                         ret = -errno;
 178                         }
 179                 }
 180         }
 181 }
 182
 183 int rm_rf(const char *path, RemoveFlags flags) {
 184         int fd, r;
 185         struct statfs s;
 186
 187         assert(path);
 188
 189         /* We refuse to clean the root file system with this
 190          * call. This is extra paranoia to never cause a really
 191          * seriously broken system. */
 192         if (path_equal(path, "/")) {
 193                 log_error("Attempted to remove entire root file system, and we can't allow that.");
 194                 return -EPERM;
 195         }
 196
 197         if ((flags & (REMOVE_SUBVOLUME|REMOVE_ROOT|REMOVE_PHYSICAL)) == (REMOVE_SUBVOLUME|REMOVE_ROOT|REMOVE_PHYSICAL)) {
 198                 /* Try to remove as subvolume first */
 199                 r = btrfs_subvol_remove(path, BTRFS_REMOVE_RECURSIVE|BTRFS_REMOVE_QUOTA);
 200                 if (r >= 0)
 201                         return r;
 202
 203                 if (r != -ENOTTY && r != -EINVAL && r != -ENOTDIR)
 204                         return r;
 205
 206                 /* Not btrfs or not a subvolume */
 207         }
 208
 209         fd = open(path, O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC|O_NOFOLLOW|O_NOATIME);
 210         if (fd < 0) {
 211
 212                 if (errno != ENOTDIR && errno != ELOOP)
 213                         return -errno;
 214
 215                 if (!(flags & REMOVE_PHYSICAL)) {
 216                         if (statfs(path, &s) < 0)
 217                                 return -errno;
 218
 219                         if (is_physical_fs(&s)) {
 220                                 log_error("Attempted to remove disk file system, and we can't allow that.");
 221                                 return -EPERM;
 222                         }
 223                 }
 224
 225                 if ((flags & REMOVE_ROOT) && !(flags & REMOVE_ONLY_DIRECTORIES))
 226                         if (unlink(path) < 0 && errno != ENOENT)
 227                                 return -errno;
 228
 229                 return 0;
 230         }
 231
 232         r = rm_rf_children(fd, flags, NULL);
 233
 234         if (flags & REMOVE_ROOT) {
 235                 if (rmdir(path) < 0) {
 236                         if (r == 0 && errno != ENOENT)
 237                                 r = -errno;
 238                 }
 239         }
 240
 241         return r;
 242 }