From bd6d28f21ad212e141b5e74bd0b7ad517f64a711 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 2 Jun 2021 15:44:29 +0200 Subject: [PATCH] tmpfiles: do not check if unresolved globs are autofs paths MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit With the previous commit, we would not complain about the not-found path, but the check is still not useful. We use a libc function to resolve the glob, and it has no notion of treating autofs specially. So we can't avoid touching autofs when resolving globs. But usually the glob is found in the last component of the path, so if we strip the glob part, we can still do a useful check in many cases. (E.g. if /var/tmp is on autofs, something like "/var/tmp/" is much more likely than "/var//".) With the system config in F34, we check the following prefixes: /var/tmp/abrt/* → /var/tmp/abrt/ /run/log/journal/08a5690a2eed47cf92ac0a5d2e3cf6b0/*.journal* → /run/log/journal/08a5690a2eed47cf92ac0a5d2e3cf6b0/ /var/lib/systemd/coredump/.#core*.21e5c6c28c5747e6a4c7c28af9560a3d* → /var/lib/systemd/coredump/ /tmp/podman-run-* → /tmp/ /tmp/systemd-private-21e5c6c28c5747e6a4c7c28af9560a3d-*/tmp → /tmp/ /tmp/systemd-private-21e5c6c28c5747e6a4c7c28af9560a3d-* → /tmp/ /tmp/containers-user-* → /tmp/ /var/tmp/beakerlib-* → /var/tmp/ /var/tmp/dnf*/locks/* → /var/tmp/ /var/tmp/systemd-private-21e5c6c28c5747e6a4c7c28af9560a3d-*/tmp → /var/tmp/ /var/tmp/systemd-private-21e5c6c28c5747e6a4c7c28af9560a3d-* → /var/tmp/ /var/tmp/abrt/* → /var/tmp/abrt/ /var/tmp/beakerlib-* → /var/tmp/ /var/tmp/dnf*/locks/* → /var/tmp/ /tmp/podman-run-* → /tmp/ /tmp/containers-user-* → /tmp/ /tmp/systemd-private-21e5c6c28c5747e6a4c7c28af9560a3d-* → /tmp/ /tmp/systemd-private-21e5c6c28c5747e6a4c7c28af9560a3d-*/tmp → /tmp/ /var/tmp/systemd-private-21e5c6c28c5747e6a4c7c28af9560a3d-* → /var/tmp/ /var/tmp/systemd-private-21e5c6c28c5747e6a4c7c28af9560a3d-*/tmp → /var/tmp/ /var/lib/systemd/coredump/.#core*.21e5c6c28c5747e6a4c7c28af9560a3d* → /var/lib/systemd/coredump/ /run/log/journal/08a5690a2eed47cf92ac0a5d2e3cf6b0/*.journal* → /run/log/journal/08a5690a2eed47cf92ac0a5d2e3cf6b0/ --- src/tmpfiles/tmpfiles.c | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c index 032673f08de..45cd549029e 100644 --- a/src/tmpfiles/tmpfiles.c +++ b/src/tmpfiles/tmpfiles.c @@ -2344,6 +2344,8 @@ static int clean_item(Item *i) { static int process_item(Item *i, OperationMask operation) { OperationMask todo; + _cleanup_free_ char *_path = NULL; + const char *path; int r, q, p; assert(i); @@ -2354,9 +2356,21 @@ static int process_item(Item *i, OperationMask operation) { i->done |= operation; - r = chase_symlinks(i->path, arg_root, CHASE_NO_AUTOFS|CHASE_NONEXISTENT|CHASE_WARN, NULL, NULL); + path = i->path; + if (string_is_glob(path)) { + /* We can't easily check whether a glob matches any autofs path, so let's do the check only + * for the non-glob part. */ + + r = glob_non_glob_prefix(path, &_path); + if (r < 0 && r != -ENOENT) + return log_debug_errno(r, "Failed to deglob path: %m"); + if (r >= 0) + path = _path; + } + + r = chase_symlinks(path, arg_root, CHASE_NO_AUTOFS|CHASE_NONEXISTENT|CHASE_WARN, NULL, NULL); if (r == -EREMOTE) { - log_notice_errno(r, "Skipping %s", i->path); + log_notice_errno(r, "Skipping %s", i->path); /* We log the configured path, to not confuse the user. */ return 0; } if (r < 0) -- 2.47.3