tmpfiles: Don't traverse mount points

For the same reason we avoid doing this in other code like
in lints.rs; it's reasonable for someone to mount a volume
on `/var/cache/dnf` for example in a container build, and we
don't want to try to convert it to tmpfiles.d.

Signed-off-by: Colin Walters <[email protected]>

Author: cgwalters

tmpfiles/src/lib.rs

@@ -337,20 +337,24 @@ fn convert_path_to_tmpfiles_d_recurse<U: uzers::Users, G: uzers::Groups>(
         }
 
         if meta.is_dir() {
-            convert_path_to_tmpfiles_d_recurse(
-                out_entries,
-                out_unsupported,
-                users,
-                groups,
-                rootfs,
-                existing,
-                prefix,
-                readonly,
-            )?;
             // SAFETY: We know this path is absolute
             let relpath = prefix.strip_prefix("/").unwrap();
-            if !readonly {
-                rootfs.remove_dir_all(relpath)?;
+            // Avoid traversing mount points by default
+            if rootfs.open_dir_noxdev(relpath)?.is_some() {
+                convert_path_to_tmpfiles_d_recurse(
+                    out_entries,
+                    out_unsupported,
+                    users,
+                    groups,
+                    rootfs,
+                    existing,
+                    prefix,
+                    readonly,
+                )?;
+                let relpath = prefix.strip_prefix("/").unwrap();
+                if !readonly {
+                    rootfs.remove_dir_all(relpath)?;
+                }
             }
         } else {
             // SAFETY: We know this path is absolute