author | Luca Boccassi <luca.boccassi@microsoft.com> | 2021-11-04 20:48:58 +0100 |
---|---|---|
committer | Luca Boccassi <luca.boccassi@microsoft.com> | 2021-11-05 23:37:34 +0100 |
commit | 82100ef486cf7e3b1df64b6bb29db43ac146ac6c (patch) | |
tree | e4a211abc57f9266ff49b3369ef2694eda01f69d /src/analyze/analyze-security.c | |
parent | analyze: explain how the weight/range policy fields are used (diff) | |
download | systemd-82100ef486cf7e3b1df64b6bb29db43ac146ac6c.tar.xz systemd-82100ef486cf7e3b1df64b6bb29db43ac146ac6c.zip |
analyze: allow a custom policy to skip a check with weight=0
In some cases an offline analysis should ignore some fields, for example
a portable service in an image will never list RootImage/RootDirectory, as
they are added at runtime, and thus can be skipped.
Diffstat (limited to 'src/analyze/analyze-security.c')
-rw-r--r-- | src/analyze/analyze-security.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/src/analyze/analyze-security.c b/src/analyze/analyze-security.c index 400eebbda8..d3e011e903 100644 --- a/src/analyze/analyze-security.c +++ b/src/analyze/analyze-security.c @@ -1764,6 +1764,11 @@ static int assess(const SecurityInfo *info, d = strdup("Service runs in special boot phase, option is not appropriate"); if (!d) return log_oom(); + } else if (weight == 0) { + badness = UINT64_MAX; + d = strdup("Option excluded by policy, skipping"); + if (!d) + return log_oom(); } else { r = a->assess(a, info, data, &badness, &d); if (r < 0) |
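Review bot: In the new `else if (weight == 0)` branch, `badness = UINT64_MAX` acts as a sentinel with no comment saying what it means, so a reader of this hunk cannot tell that the value marks the check as not assessed rather than as maximally bad. A one-line comment above the assignment, or a named constant in place of the bare `UINT64_MAX`, would make that explicit. The branch also sits after the "special boot phase" case, so a check that matches both is reported with the boot-phase text and not "Option excluded by policy, skipping"; if the policy exclusion is meant to take precedence in the output, test `weight == 0` first. Finally, since a zero weight now skips `a->assess()` entirely, the policy documentation should state that `weight=0` excludes a check; the diffstat shown here is limited to `analyze-security.c`, so it is not visible whether that was updated.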