cool#9976 path/tmp/cool-<jailid> remains behind when jail is removed

which is where path/<jailid>/tmp is mounted (or linked) from. This seems to have been the case before namespace support, but it is just an empty dir without namespaces, but with namespaces (because the path/<jailid>/tmp mount is hidden from parent processes) the jail tmp contents were also left behind. #9976 Signed-off-by: Caolán McNamara <[email protected]> Change-Id: If4aed3ffa0eca73e915f6d48c50a7e70601e210d
CollaboraOnline · Sep 4, 2024 · 2bdaf04 · 2bdaf04
1 parent 5fb1b47
commit 2bdaf04
Showing 1 changed file with 22 additions and 0 deletions.
diff --git a/common/JailUtil.cpp b/common/JailUtil.cpp
@@ -269,6 +269,26 @@ void removeAuxFolders(const std::string &root)
     FileUtil::removeFile(Poco::Path(root, "linkable").toString(), true);
 }
 
+/*
+    The tmp dir of a path/<jailid>/tmp is mounted from (or linked to) a
+    path/tmp/cool-<jailid> dir. In a mount namespace case the existence
+    of path/<jailid>/tmp is not visible to the parent process so its
+    contents cannot be removed via the path/<jailid>/tmp view, and
+    in any case the path/<jailid>/tmp should to be removed.
+*/
+void removeAssocTmpOfJail(const std::string &root)
+{
+    Poco::Path jailPath(root);
+    jailPath.makeDirectory();
+    const std::string jailId = jailPath[jailPath.depth() - 1];
+
+    jailPath.popDirectory();
+    jailPath.pushDirectory("tmp");
+    jailPath.pushDirectory(std::string("cool-") + jailId);
+
+    FileUtil::removeFile(jailPath.toString(), true);
+}
+
 bool tryRemoveJail(const std::string& root)
 {
     const bool emptyJail = FileUtil::isEmptyDirectory(root);
@@ -300,6 +320,8 @@ bool tryRemoveJail(const std::string& root)
     // Unmount/delete the jail (sysTemplate).
     safeRemoveDir(root);
 
+    removeAssocTmpOfJail(root);
+
     return true;
 }