drivers: btrfs: Allow unprivileged user to delete subvolumes
In btrfs, a subvolume can be deleted by the IOC_SNAP_DESTROY ioctl, but there is one catch: an unprivileged IOC_SNAP_DESTROY call is restricted by default. This is because IOC_SNAP_DESTROY only performs permission checks on the top directory (subvolume), and an unprivileged user might delete dirs/files which cannot be deleted otherwise. This restriction can be relaxed if the user_subvol_rm_allowed mount option is used.

Although the above ioctl had been the only way to delete a subvolume, btrfs now allows deletion of a subvolume just like a regular directory (i.e. the rmdir syscall) since kernel 4.18. So if we fail to cleanup a subvolume in subvolDelete(), just fallback to system.EnsureRemoveAll() to try to cleanup subvolumes again. (Note: quota needs privilege, so if quota is enabled we do not fallback.)

This fix will allow a non-privileged container to work with the btrfs backend.

Signed-off-by: Misono Tomohiro <misono.tm@gmail.com>
parent b139ad7396
commit 8d7f7375d7
@ -627,7 +627,12 @@ func (d *Driver) Remove(id string) error {
d.updateQuotaStatus()
if err := subvolDelete(d.subvolumesDir(), id, d.quotaEnabled); err != nil {
return err
if d.quotaEnabled {
return err
}
// If quota is not enabled, fallback to rmdir syscall to delete subvolumes.
// This would allow unprivileged user to delete their owned subvolumes
// in kernel >= 4.18 without user_subvol_rm_alowed mount option.
}
if err := system.EnsureRemoveAll(dir); err != nil {
return err
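Review bot: the original subvolDelete error is discarded when quota is disabled; in the new `if d.quotaEnabled { return err }` branch's else path nothing records why subvolDelete failed, so a later failure of `system.EnsureRemoveAll(dir)` (or a silent success that masks a real driver bug) leaves no trace of the first error. Suggest logging the subvolDelete error before falling through to EnsureRemoveAll, and consider falling back only when the error indicates a permission problem rather than on every error, since the commit message motivates the fallback specifically for the unprivileged case. Minor: the comment line `// in kernel >= 4.18 without user_subvol_rm_alowed mount option.` misspells the mount option; the message and the btrfs option are `user_subvol_rm_allowed`.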