tmpfiles: do not check if unresolved globs are autofs paths

With the previous commit, we would not complain about the not-found path, but
the check is still not useful. We use a libc function to resolve the glob, and
it has no notion of treating autofs specially. So we can't avoid touching
autofs when resolving globs. But usually the glob is found in the last
component of the path, so if we strip the glob part, we can still do a useful
check in many cases. (E.g. if /var/tmp is on autofs, something like
"/var/tmp/<glob>" is much more likely than "/var/<glob-that-matches-tmp>/<something>".)

With the system config in F34, we check the following prefixes:

/var/tmp/abrt/* → /var/tmp/abrt/
/run/log/journal/08a5690a2eed47cf92ac0a5d2e3cf6b0/*.journal* → /run/log/journal/08a5690a2eed47cf92ac0a5d2e3cf6b0/
/var/lib/systemd/coredump/.#core*.21e5c6c28c5747e6a4c7c28af9560a3d* → /var/lib/systemd/coredump/
/tmp/podman-run-* → /tmp/
/tmp/systemd-private-21e5c6c28c5747e6a4c7c28af9560a3d-*/tmp → /tmp/
/tmp/systemd-private-21e5c6c28c5747e6a4c7c28af9560a3d-* → /tmp/
/tmp/containers-user-* → /tmp/
/var/tmp/beakerlib-* → /var/tmp/
/var/tmp/dnf*/locks/* → /var/tmp/
/var/tmp/systemd-private-21e5c6c28c5747e6a4c7c28af9560a3d-*/tmp → /var/tmp/
/var/tmp/systemd-private-21e5c6c28c5747e6a4c7c28af9560a3d-* → /var/tmp/
/var/tmp/abrt/* → /var/tmp/abrt/
/var/tmp/beakerlib-* → /var/tmp/
/var/tmp/dnf*/locks/* → /var/tmp/
/tmp/podman-run-* → /tmp/
/tmp/containers-user-* → /tmp/
/tmp/systemd-private-21e5c6c28c5747e6a4c7c28af9560a3d-* → /tmp/
/tmp/systemd-private-21e5c6c28c5747e6a4c7c28af9560a3d-*/tmp → /tmp/
/var/tmp/systemd-private-21e5c6c28c5747e6a4c7c28af9560a3d-* → /var/tmp/
/var/tmp/systemd-private-21e5c6c28c5747e6a4c7c28af9560a3d-*/tmp → /var/tmp/
/var/lib/systemd/coredump/.#core*.21e5c6c28c5747e6a4c7c28af9560a3d* → /var/lib/systemd/coredump/
/run/log/journal/08a5690a2eed47cf92ac0a5d2e3cf6b0/*.journal* → /run/log/journal/08a5690a2eed47cf92ac0a5d2e3cf6b0/

(cherry picked from commit bd6d28f21ad212e141b5e74bd0b7ad517f64a711)
(cherry picked from commit 399a00be3536cb5fbf3f96058c2a88a2a634d466)
(cherry picked from commit 4a78d0a80fe0eaf8bc0d6579ef96bb31e6afaf48)

1 files changed, 16 insertions, 2 deletions

diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c
index 954548ae2c..00e35463de 100644
--- a/src/tmpfiles/tmpfiles.c
+++ b/src/tmpfiles/tmpfiles.c
@@ -2263,6 +2263,8 @@ static int clean_item(Item *i) {
 
 static int process_item(Item *i, OperationMask operation) {
         OperationMask todo;
+        _cleanup_free_ char *_path = NULL;
+        const char *path;
         int r, q, p;
 
         assert(i);
@@ -2273,9 +2275,21 @@ static int process_item(Item *i, OperationMask operation) {
 
         i->done |= operation;
 
-        r = chase_symlinks(i->path, arg_root, CHASE_NO_AUTOFS|CHASE_NONEXISTENT|CHASE_WARN, NULL, NULL);
+        path = i->path;
+        if (string_is_glob(path)) {
+                /* We can't easily check whether a glob matches any autofs path, so let's do the check only
+                 * for the non-glob part. */
+
+                r = glob_non_glob_prefix(path, &_path);
+                if (r < 0 && r != -ENOENT)
+                        return log_debug_errno(r, "Failed to deglob path: %m");
+                if (r >= 0)
+                        path = _path;
+        }
+
+        r = chase_symlinks(path, arg_root, CHASE_NO_AUTOFS|CHASE_NONEXISTENT|CHASE_WARN, NULL, NULL);
         if (r == -EREMOTE) {
-                log_notice_errno(r, "Skipping %s", i->path);
+                log_notice_errno(r, "Skipping %s", i->path); /* We log the configured path, to not confuse the user. */
                 return 0;
         }
         if (r < 0)