util: rm_rf_children_dangerous: delete all descendants dangerously

Call rm_rf_children_dangerous() recursively rather than falling back to
rm_rf_children(). This fixes a bug in systemd-tmpfiles.

The problem can easily be reproduced by:

  # mount /dev/sda1 /mnt
  # mkdir /mnt/test
  # echo "D /mnt" > /root/test.conf
  # systemd-tmpfiles --remove /root/test.conf
  Attempted to remove disk file system, and we can't allow that.
  rm_rf(/root/test): Operation not permitted

Reported-by: Lukas Jirkovsky <l.jirkovsky@gmail.com>

diff --git a/src/shared/util.c b/src/shared/util.c
index 4f5cb26..eaf2721 100644 (file)
--- a/src/shared/util.c
+++ b/src/shared/util.c
@@ -3358,7 +3358,7 @@ int rm_rf_children_dangerous(int fd, bool only_dirs, bool honour_sticky, struct
                                 continue;
                         }
 
-                        r = rm_rf_children(subdir_fd, only_dirs, honour_sticky, root_dev);
+                        r = rm_rf_children_dangerous(subdir_fd, only_dirs, honour_sticky, root_dev);
                         if (r < 0 && ret == 0)
                                 ret = r;