diff options
author | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2021-06-02 15:44:29 +0200 |
---|---|---|
committer | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2021-06-04 12:21:19 +0200 |
commit | bd6d28f21ad212e141b5e74bd0b7ad517f64a711 (patch) | |
tree | cba0ddc5493a16835cfb8aefdb94b837997e7ff1 /src | |
parent | basic/glob-util: add helper to strip the glob part from a glob (diff) | |
download | systemd-bd6d28f21ad212e141b5e74bd0b7ad517f64a711.tar.xz systemd-bd6d28f21ad212e141b5e74bd0b7ad517f64a711.zip |
tmpfiles: do not check if unresolved globs are autofs paths
With the previous commit, we would not complain about the not-found path, but
the check is still not useful. We use a libc function to resolve the glob, and
it has no notion of treating autofs specially. So we can't avoid touching
autofs when resolving globs. But usually the glob is found in the last
component of the path, so if we strip the glob part, we can still do a useful
check in many cases. (E.g. if /var/tmp is on autofs, something like
"/var/tmp/<glob>" is much more likely than "/var/<glob-that-matches-tmp>/<something>".)
With the system config in F34, we check the following prefixes:
/var/tmp/abrt/* → /var/tmp/abrt/
/run/log/journal/08a5690a2eed47cf92ac0a5d2e3cf6b0/*.journal* → /run/log/journal/08a5690a2eed47cf92ac0a5d2e3cf6b0/
/var/lib/systemd/coredump/.#core*.21e5c6c28c5747e6a4c7c28af9560a3d* → /var/lib/systemd/coredump/
/tmp/podman-run-* → /tmp/
/tmp/systemd-private-21e5c6c28c5747e6a4c7c28af9560a3d-*/tmp → /tmp/
/tmp/systemd-private-21e5c6c28c5747e6a4c7c28af9560a3d-* → /tmp/
/tmp/containers-user-* → /tmp/
/var/tmp/beakerlib-* → /var/tmp/
/var/tmp/dnf*/locks/* → /var/tmp/
/var/tmp/systemd-private-21e5c6c28c5747e6a4c7c28af9560a3d-*/tmp → /var/tmp/
/var/tmp/systemd-private-21e5c6c28c5747e6a4c7c28af9560a3d-* → /var/tmp/
/var/tmp/abrt/* → /var/tmp/abrt/
/var/tmp/beakerlib-* → /var/tmp/
/var/tmp/dnf*/locks/* → /var/tmp/
/tmp/podman-run-* → /tmp/
/tmp/containers-user-* → /tmp/
/tmp/systemd-private-21e5c6c28c5747e6a4c7c28af9560a3d-* → /tmp/
/tmp/systemd-private-21e5c6c28c5747e6a4c7c28af9560a3d-*/tmp → /tmp/
/var/tmp/systemd-private-21e5c6c28c5747e6a4c7c28af9560a3d-* → /var/tmp/
/var/tmp/systemd-private-21e5c6c28c5747e6a4c7c28af9560a3d-*/tmp → /var/tmp/
/var/lib/systemd/coredump/.#core*.21e5c6c28c5747e6a4c7c28af9560a3d* → /var/lib/systemd/coredump/
/run/log/journal/08a5690a2eed47cf92ac0a5d2e3cf6b0/*.journal* → /run/log/journal/08a5690a2eed47cf92ac0a5d2e3cf6b0/
Diffstat (limited to 'src')
-rw-r--r-- | src/tmpfiles/tmpfiles.c | 18 |
1 files changed, 16 insertions, 2 deletions
diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c index 032673f08d..45cd549029 100644 --- a/src/tmpfiles/tmpfiles.c +++ b/src/tmpfiles/tmpfiles.c @@ -2344,6 +2344,8 @@ static int clean_item(Item *i) { static int process_item(Item *i, OperationMask operation) { OperationMask todo; + _cleanup_free_ char *_path = NULL; + const char *path; int r, q, p; assert(i); @@ -2354,9 +2356,21 @@ static int process_item(Item *i, OperationMask operation) { i->done |= operation; - r = chase_symlinks(i->path, arg_root, CHASE_NO_AUTOFS|CHASE_NONEXISTENT|CHASE_WARN, NULL, NULL); + path = i->path; + if (string_is_glob(path)) { + /* We can't easily check whether a glob matches any autofs path, so let's do the check only + * for the non-glob part. */ + + r = glob_non_glob_prefix(path, &_path); + if (r < 0 && r != -ENOENT) + return log_debug_errno(r, "Failed to deglob path: %m"); + if (r >= 0) + path = _path; + } + + r = chase_symlinks(path, arg_root, CHASE_NO_AUTOFS|CHASE_NONEXISTENT|CHASE_WARN, NULL, NULL); if (r == -EREMOTE) { - log_notice_errno(r, "Skipping %s", i->path); + log_notice_errno(r, "Skipping %s", i->path); /* We log the configured path, to not confuse the user. */ return 0; } if (r < 0) |