analyze: clarify that `security --offline=true` requires an argument

Without `--root` or `--image`, the `security` command inspects all currently loaded service units if no unit name is specified. But with `--root` or `--image` with `--offline=true`, the `security` command exits silently if no unit name is specified. Also, fixed description of `--root` and `--image` in the man page, and added missing `--unit` option to help text.
author: Antonio Alvarez Feijoo <antonio.feijoo@suse.com> 2024-01-11 11:00:37 +0100
committer: Luca Boccassi <luca.boccassi@gmail.com> 2024-01-11 13:19:20 +0100
commit: 5e16328506e1ec33a33162fc64e762152359efdd (patch)
tree: b3a98ab6dc1278bdc322891c20dab038b24cab4f /src
parent: test: fix dbus installation on Arch (diff)
download: systemd-5e16328506e1ec33a33162fc64e762152359efdd.tar.xz
systemd-5e16328506e1ec33a33162fc64e762152359efdd.zip
1 files changed, 5 insertions, 0 deletions
diff --git a/src/analyze/analyze.c b/src/analyze/analyze.c
index 14458260c6..49b4c3b8cc 100644
--- a/src/analyze/analyze.c
+++ b/src/analyze/analyze.c
@@ -272,6 +272,7 @@ static int help(int argc, char *argv[], void *userdata) {
                "                             specified time\n"
                "     --profile=name|PATH     Include the specified profile in the\n"
                "                             security review of the unit(s)\n"
+               "     --unit=UNIT             Evaluate conditions and asserts of unit\n"
                "     --table                 Output plot's raw time data as a table\n"
                "  -h --help                  Show this help\n"
                "     --version               Show package version\n"
@@ -559,6 +560,10 @@ static int parse_argv(int argc, char *argv[]) {
                 return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
                                        "Option --offline= is only supported for security right now.");
 
+        if (arg_offline && optind >= argc - 1)
+                return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
+                                       "Option --offline= requires one or more units to perform a security review.");
+
         if (arg_json_format_flags != JSON_FORMAT_OFF && !STRPTR_IN_SET(argv[optind], "security", "inspect-elf", "plot", "fdstore", "pcrs", "architectures", "capability", "exit-status"))
                 return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
                                        "Option --json= is only supported for security, inspect-elf, plot, fdstore, pcrs, architectures, capability, exit-status right now.");
author	Antonio Alvarez Feijoo <antonio.feijoo@suse.com>	2024-01-11 11:00:37 +0100
committer	Luca Boccassi <luca.boccassi@gmail.com>	2024-01-11 13:19:20 +0100
commit	5e16328506e1ec33a33162fc64e762152359efdd (patch)
tree	b3a98ab6dc1278bdc322891c20dab038b24cab4f /src
parent	test: fix dbus installation on Arch (diff)
download	systemd-5e16328506e1ec33a33162fc64e762152359efdd.tar.xz systemd-5e16328506e1ec33a33162fc64e762152359efdd.zip