summaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorZbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>2021-06-02 15:44:29 +0200
committerZbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>2021-06-04 12:21:19 +0200
commitbd6d28f21ad212e141b5e74bd0b7ad517f64a711 (patch)
treecba0ddc5493a16835cfb8aefdb94b837997e7ff1 /src
parentbasic/glob-util: add helper to strip the glob part from a glob (diff)
downloadsystemd-bd6d28f21ad212e141b5e74bd0b7ad517f64a711.tar.xz
systemd-bd6d28f21ad212e141b5e74bd0b7ad517f64a711.zip
tmpfiles: do not check if unresolved globs are autofs paths
With the previous commit, we would not complain about the not-found path, but the check is still not useful. We use a libc function to resolve the glob, and it has no notion of treating autofs specially. So we can't avoid touching autofs when resolving globs. But usually the glob is found in the last component of the path, so if we strip the glob part, we can still do a useful check in many cases. (E.g. if /var/tmp is on autofs, something like "/var/tmp/<glob>" is much more likely than "/var/<glob-that-matches-tmp>/<something>".) With the system config in F34, we check the following prefixes: /var/tmp/abrt/* → /var/tmp/abrt/ /run/log/journal/08a5690a2eed47cf92ac0a5d2e3cf6b0/*.journal* → /run/log/journal/08a5690a2eed47cf92ac0a5d2e3cf6b0/ /var/lib/systemd/coredump/.#core*.21e5c6c28c5747e6a4c7c28af9560a3d* → /var/lib/systemd/coredump/ /tmp/podman-run-* → /tmp/ /tmp/systemd-private-21e5c6c28c5747e6a4c7c28af9560a3d-*/tmp → /tmp/ /tmp/systemd-private-21e5c6c28c5747e6a4c7c28af9560a3d-* → /tmp/ /tmp/containers-user-* → /tmp/ /var/tmp/beakerlib-* → /var/tmp/ /var/tmp/dnf*/locks/* → /var/tmp/ /var/tmp/systemd-private-21e5c6c28c5747e6a4c7c28af9560a3d-*/tmp → /var/tmp/ /var/tmp/systemd-private-21e5c6c28c5747e6a4c7c28af9560a3d-* → /var/tmp/ /var/tmp/abrt/* → /var/tmp/abrt/ /var/tmp/beakerlib-* → /var/tmp/ /var/tmp/dnf*/locks/* → /var/tmp/ /tmp/podman-run-* → /tmp/ /tmp/containers-user-* → /tmp/ /tmp/systemd-private-21e5c6c28c5747e6a4c7c28af9560a3d-* → /tmp/ /tmp/systemd-private-21e5c6c28c5747e6a4c7c28af9560a3d-*/tmp → /tmp/ /var/tmp/systemd-private-21e5c6c28c5747e6a4c7c28af9560a3d-* → /var/tmp/ /var/tmp/systemd-private-21e5c6c28c5747e6a4c7c28af9560a3d-*/tmp → /var/tmp/ /var/lib/systemd/coredump/.#core*.21e5c6c28c5747e6a4c7c28af9560a3d* → /var/lib/systemd/coredump/ /run/log/journal/08a5690a2eed47cf92ac0a5d2e3cf6b0/*.journal* → /run/log/journal/08a5690a2eed47cf92ac0a5d2e3cf6b0/
Diffstat (limited to 'src')
-rw-r--r--src/tmpfiles/tmpfiles.c18
1 files changed, 16 insertions, 2 deletions
diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c
index 032673f08d..45cd549029 100644
--- a/src/tmpfiles/tmpfiles.c
+++ b/src/tmpfiles/tmpfiles.c
@@ -2344,6 +2344,8 @@ static int clean_item(Item *i) {
static int process_item(Item *i, OperationMask operation) {
OperationMask todo;
+ _cleanup_free_ char *_path = NULL;
+ const char *path;
int r, q, p;
assert(i);
@@ -2354,9 +2356,21 @@ static int process_item(Item *i, OperationMask operation) {
i->done |= operation;
- r = chase_symlinks(i->path, arg_root, CHASE_NO_AUTOFS|CHASE_NONEXISTENT|CHASE_WARN, NULL, NULL);
+ path = i->path;
+ if (string_is_glob(path)) {
+ /* We can't easily check whether a glob matches any autofs path, so let's do the check only
+ * for the non-glob part. */
+
+ r = glob_non_glob_prefix(path, &_path);
+ if (r < 0 && r != -ENOENT)
+ return log_debug_errno(r, "Failed to deglob path: %m");
+ if (r >= 0)
+ path = _path;
+ }
+
+ r = chase_symlinks(path, arg_root, CHASE_NO_AUTOFS|CHASE_NONEXISTENT|CHASE_WARN, NULL, NULL);
if (r == -EREMOTE) {
- log_notice_errno(r, "Skipping %s", i->path);
+ log_notice_errno(r, "Skipping %s", i->path); /* We log the configured path, to not confuse the user. */
return 0;
}
if (r < 0)