summaryrefslogtreecommitdiffstats
path: root/lib
diff options
context:
space:
mode:
authorDave Reisner <dreisner@archlinux.org>2013-01-07 01:08:00 +0100
committerAllan McRae <allan@archlinux.org>2013-02-16 02:06:43 +0100
commit26a79cb29d279c529d58c62b7ad9c103c808d218 (patch)
tree625025456d32e3f4b5b1f90072062a7958f32f09 /lib
parent8fe8233dfa9c7827371168158784311cffb97556 (diff)
downloadpacman-26a79cb29d279c529d58c62b7ad9c103c808d218.tar.gz
pacman-26a79cb29d279c529d58c62b7ad9c103c808d218.tar.xz
libalpm: never attempt to remove a mountpoint
Arch Linux typically runs into this with /sys when upgrading the filesystem package in build chroots, but LXC users might also run into this, since their /sys is shared from the host and must, for security reasons, be mounted RO. I've neglected to add any tests for this because they would require root in order to run. Current tests all pass with this patch and I've confirmed the desired behavior in a VM. Incidentally, the first hunk of this patch (skipping can_remove_file checks for directories) resolves the case of API mountpoints being removed since they eventually fall into unlink_file and fail with "contains files". However, this patch should still be the Right Thing To Do™, as we can't possibly remove a directory that is also a mountpoint. Signed-off-by: Dave Reisner <dreisner@archlinux.org> [Allan] Do not skip checking if directories can be removed. Instead test if directories are mountpoints in can_remove_file. Signed-off-by: Allan McRae <allan@archlinux.org>
Diffstat (limited to 'lib')
-rw-r--r--lib/libalpm/remove.c40
1 files changed, 40 insertions, 0 deletions
diff --git a/lib/libalpm/remove.c b/lib/libalpm/remove.c
index 50fc93ca..64888c52 100644
--- a/lib/libalpm/remove.c
+++ b/lib/libalpm/remove.c
@@ -267,6 +267,37 @@ int _alpm_remove_prepare(alpm_handle_t *handle, alpm_list_t **data)
return 0;
}
+static int dir_is_mountpoint(alpm_handle_t *handle, const char *directory,
+ const struct stat *stbuf)
+{
+ char parent_dir[PATH_MAX];
+ struct stat parent_stbuf;
+ dev_t dir_st_dev;
+
+ if(stbuf == NULL) {
+ struct stat dir_stbuf;
+ if(stat(directory, &dir_stbuf) < 0) {
+ _alpm_log(handle, ALPM_LOG_DEBUG,
+ "failed to stat directory %s: %s",
+ directory, strerror(errno));
+ return 0;
+ }
+ dir_st_dev = dir_stbuf.st_dev;
+ } else {
+ dir_st_dev = stbuf->st_dev;
+ }
+
+ snprintf(parent_dir, PATH_MAX, "%s..", directory);
+ if(stat(parent_dir, &parent_stbuf) < 0) {
+ _alpm_log(handle, ALPM_LOG_DEBUG,
+ "failed to stat parent of %s: %s: %s",
+ directory, parent_dir, strerror(errno));
+ return 0;
+ }
+
+ return dir_st_dev != parent_stbuf.st_dev;
+}
+
/**
* @brief Check if alpm can delete a file.
*
@@ -286,6 +317,12 @@ static int can_remove_file(alpm_handle_t *handle, const alpm_file_t *file,
return 1;
}
+ if(file->name[strlen(file->name) - 1] == '/' &&
+ dir_is_mountpoint(handle, file->name, NULL)) {
+ /* we do not remove mountpoints */
+ return 1;
+ }
+
snprintf(filepath, PATH_MAX, "%s%s", handle->root, file->name);
/* If we fail write permissions due to a read-only filesystem, abort.
* Assume all other possible failures are covered somewhere else */
@@ -427,6 +464,9 @@ static int unlink_file(alpm_handle_t *handle, alpm_pkg_t *oldpkg,
fileobj->name)) {
_alpm_log(handle, ALPM_LOG_DEBUG,
"keeping directory %s (in new package)\n", file);
+ } else if(dir_is_mountpoint(handle, file, &buf)) {
+ _alpm_log(handle, ALPM_LOG_DEBUG,
+ "keeping directory %s (mountpoint)\n", file);
} else {
/* one last check- does any other package own this file? */
alpm_list_t *local, *local_pkgs;