rm-rf: refuse combining REMOVE_ONLY_DIRECTORIES and REMOVE_SUBVOLUME for now

It's not easy to implement such a combined operation race-freely since
dropping a subvolume will drop all its contents, including any
non-directories.

Hence, let's just not support this combination for now. Which isn't much
of a loss, since we never combine these flags anyway.

diff --git a/src/basic/rm-rf.c b/src/basic/rm-rf.c
index 0c957c9..acc0f88 100644 (file)
--- a/src/basic/rm-rf.c
+++ b/src/basic/rm-rf.c
@@ -165,6 +165,11 @@ int rm_rf(const char *path, RemoveFlags flags) {
 
         assert(path);
 
+        /* For now, don't support dropping subvols when also only dropping directories, since we can't do
+         * this race-freely. */
+        if (FLAGS_SET(flags, REMOVE_ONLY_DIRECTORIES|REMOVE_SUBVOLUME))
+                return -EINVAL;
+
         /* We refuse to clean the root file system with this
          * call. This is extra paranoia to never cause a really
          * seriously broken system. */