Fixes: 15858 (podman system reset --force destroy machine)

Safe guards calls to os.RemoveAll in order to prevent calls from accidently deleting the root file system in very strange edge cases. Signed-off-by: Mike Perry <mike@bitbistro.org>
containers · Oct 20, 2022 · 20ea831 · 20ea831
1 parent ecaefee
commit 20ea831
Show file tree

Hide file tree

Showing 5 changed files with 17 additions and 7 deletions.
diff --git a/pkg/machine/config.go b/pkg/machine/config.go
@@ -5,6 +5,7 @@ package machine
 
 import (
 	"errors"
+	"fmt"
 	"net"
 	"net/url"
 	"os"
@@ -237,6 +238,15 @@ func ConfDirPrefix() (string, error) {
 	return confDir, nil
 }
 
+// GuardedRemoveAll functions much like os.RemoveAll but
+// will not delete certain catastrophic paths.
+func GuardedRemoveAll(path string) error {
+	if path == "" || path == "/" {
+		return fmt.Errorf("refusing to recusively delete `%s`", path)
+	}
+	return os.RemoveAll(path)
+}
+
 // ResourceConfig describes physical attributes of the machine
 type ResourceConfig struct {
 	// CPUs to be assigned to the VM

diff --git a/pkg/machine/e2e/init_test.go b/pkg/machine/e2e/init_test.go
@@ -142,7 +142,7 @@ var _ = Describe("podman machine init", func() {
 		_, err = os.CreateTemp(tmpDir, "example")
 		Expect(err).To(BeNil())
 		mount := tmpDir + ":/testmountdir"
-		defer os.RemoveAll(tmpDir)
+		defer machine.GuardedRemoveAll(tmpDir)
 
 		name := randomString()
 		i := new(initMachine)

diff --git a/pkg/machine/e2e/machine_test.go b/pkg/machine/e2e/machine_test.go
@@ -128,7 +128,7 @@ func teardown(origHomeDir string, testDir string, mb *machineTestBuilder) {
 			fmt.Printf("error occurred rm'ing machine: %q\n", err)
 		}
 	}
-	if err := os.RemoveAll(testDir); err != nil {
+	if err := machine.GuardedRemoveAll(testDir); err != nil {
 		Fail(fmt.Sprintf("failed to remove test dir: %q", err))
 	}
 	// this needs to be last in teardown

diff --git a/pkg/machine/qemu/machine.go b/pkg/machine/qemu/machine.go
@@ -1689,7 +1689,7 @@ func (p *Provider) RemoveAndCleanMachines() error {
 		}
 		prevErr = err
 	} else {
-		err := os.RemoveAll(dataDir)
+		err := machine.GuardedRemoveAll(dataDir)
 		if err != nil {
 			if prevErr != nil {
 				logrus.Error(prevErr)
@@ -1706,7 +1706,7 @@ func (p *Provider) RemoveAndCleanMachines() error {
 		}
 		prevErr = err
 	} else {
-		err := os.RemoveAll(confDir)
+		err := machine.GuardedRemoveAll(confDir)
 		if err != nil {
 			if prevErr != nil {
 				logrus.Error(prevErr)

diff --git a/pkg/machine/wsl/machine.go b/pkg/machine/wsl/machine.go
@@ -1339,7 +1339,7 @@ func (v *MachineVM) Remove(name string, opts machine.RemoveOptions) (string, fun
 			logrus.Error(err)
 		}
 		for _, f := range files {
-			if err := os.RemoveAll(f); err != nil {
+			if err := machine.GuardedRemoveAll(f); err != nil {
 				logrus.Error(err)
 			}
 		}
@@ -1644,7 +1644,7 @@ func (p *Provider) RemoveAndCleanMachines() error {
 		}
 		prevErr = err
 	} else {
-		err := os.RemoveAll(dataDir)
+		err := machine.GuardedRemoveAll(dataDir)
 		if err != nil {
 			if prevErr != nil {
 				logrus.Error(prevErr)
@@ -1661,7 +1661,7 @@ func (p *Provider) RemoveAndCleanMachines() error {
 		}
 		prevErr = err
 	} else {
-		err := os.RemoveAll(confDir)
+		err := machine.GuardedRemoveAll(confDir)
 		if err != nil {
 			if prevErr != nil {
 				logrus.Error(prevErr)