summaryrefslogtreecommitdiffstats
path: root/src/analyze (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Merge pull request #18596 from keszybz/systemctl-quiet-legendLennart Poettering2021-02-171-20/+7
|\ | | | | systemctl: hide legends with --quiet, allow overriding
| * tree-wide: add a helper to parse boolean optargZbigniew Jędrzejewski-Szmek2021-02-171-20/+7
| | | | | | | | | | | | | | | | | | This nicely covers the case when optarg is optional. The same parser can be used when the option string passed to getopt_long() requires a parameter and when it doesn't. The error messages are made consistent. Also fixes a log error c&p in --crash-reboot message.
* | Rename unit_times_free to unit_times_free_arrayZbigniew Jędrzejewski-Szmek2021-02-161-6/+6
| | | | | | | | It frees the whole array and the type is UnitTimes not UnitTime.
* | tree-wide: return NULL from freeing functionsZbigniew Jędrzejewski-Szmek2021-02-161-7/+7
| | | | | | | | | | | | I started working on this because I wanted to change how DEFINE_TRIVIAL_CLEANUP_FUNC is defined. Even independently of that change, it's nice to make make things more consistent and predictable.
* | analyze: use typedefs for structs and inline iterator variable declsZbigniew Jędrzejewski-Szmek2021-02-161-79/+73
| |
* | core: split out a few funcs into unit-serialize.[ch]Zbigniew Jędrzejewski-Szmek2021-02-121-0/+1
| | | | | | | | Just a straightforward move and resulting include file adjustments.
* | sd-bus: standarize on NULL for empty signature in method callsZbigniew Jędrzejewski-Szmek2021-02-121-1/+1
|/ | | | | We would use sometimes "" and sometimes NULL. They are equivalent, so let's use NULL everywhere, except for a two places in tests.
* Merge pull request #11484 from keszybz/udevadm-error-logsYu Watanabe2021-02-101-1/+1
|\ | | | | Use real return codes in _from_string() functions
| * tree-wide: propagate error code from _from_string() functionsZbigniew Jędrzejewski-Szmek2021-02-101-1/+1
| | | | | | | | Now that we know we have something useful, no need to make an answer up.
* | analyze: slightly reword PrivatTmp= messageLennart Poettering2021-02-101-1/+1
|/ | | | | | | Apparently there way confusion about "does not apply". Let's say "is not appropriate". Fixes: #13095
* tree-wide: enable colorized logging for daemons when run in consoleYu Watanabe2021-01-311-1/+1
| | | | It may be useful when debugging daemons.
* tree-wide: Drop custom formatting for print() help messagesDaan De Meyer2021-01-311-7/+6
| | | | | | | | | | | | I think this formatting was originally used because it simplified adding new options to the help messages. However, these days, most tools their help message end with "\nSee the %s for details.\n" so the final line almost never has to be edited which eliminates the benefit of the custom formatting used for printf() help messages. Let's make things more consistent and use the same formatting for printf() help messages that we use everywhere else. Prompted by https://github.com/systemd/systemd/pull/18355#discussion_r567241580
* analyze: tighten variable scope used in loopSusant Sahani2021-01-201-4/+2
|
* Merge pull request #18300 from yuwata/analyze-verify-18252Zbigniew Jędrzejewski-Szmek2021-01-191-2/+5
|\ | | | | analyze: resolve executable path if it is relative
| * analyze: resolve executable path if it is relativeYu Watanabe2021-01-181-2/+5
| | | | | | | | Fixes #18252.
* | meson: move test or fuzzer definitions to relevant meson.build in subdirectoriesYu Watanabe2021-01-181-0/+10
|/
* license: LGPL-2.1+ -> LGPL-2.1-or-laterYu Watanabe2020-11-099-9/+9
|
* analyze: show ungrouped syscalls separately (#17343)Lennart Poettering2020-10-141-3/+28
| | | | | | | | | | This updates the "systemd-analyze syscall-filter" command to show a special section of syscalls that are included in @known but in no other group. Typically this should show syscalls we either should add to any of the existing groups or where we unsure were they best fit in. Right now, it mostly shows arch-specific compat syscalls, we probably should move "@obsolete". This patch doesn't add thta however.
* tree-wide: assorted coccinelle fixesFrantisek Sumsal2020-10-092-6/+5
|
* tree-wide: define iterator inside of the macroZbigniew Jędrzejewski-Szmek2020-09-081-3/+2
|
* analyze: add 'capability' verb for dumping all known and unknown capsLennart Poettering2020-08-281-0/+49
|
* analyze: fix error handling in one caseLennart Poettering2020-08-281-1/+1
|
* analyze: drop pointless zero initializationfangxiuning2020-08-251-1/+1
|
* analyze-verify: drop pointless zero initializationfangxiuning2020-08-251-1/+1
|
* analyze-security: check for ProtectProc=/ProcSubset=Lennart Poettering2020-08-241-0/+62
|
* core: remove support for ConditionNull=Lennart Poettering2020-08-201-3/+1
| | | | | | | | | | The concept is flawed, and mostly useless. Let's finally remove it. It has been deprecated since 90a2ec10f2d43a8530aae856013518eb567c4039 (6 years ago) and we started to warn since 55dadc5c57ef1379dbc984938d124508a454be55 (1.5 years ago). Let's get rid of it altogether.
* analyze: rework condition testingLennart Poettering2020-08-201-77/+28
| | | | | | | Let's drop the private table and just use the generic concepts we have in place already that make the same information available. Fixes: #16781
* analyze-security: include an actual syscall name in the messageZbigniew Jędrzejewski-Szmek2020-08-171-12/+21
| | | | | | This information was already available in the debug output, but I think it is good to include it in the message in the table. This makes it easier to wrap one's head around the allowlist/denylist filtering.
* analyze-security: do not assign badness to filtered-out syscallsZbigniew Jędrzejewski-Szmek2020-08-011-1/+1
| | | | Fixes #16451, https://bugzilla.redhat.com/show_bug.cgi?id=1856273.
* bus: use bus_log_connect_error to print error messagefangxiuning2020-07-211-12/+12
|
* analyze: CAP_RAWIO -> CAP_SYS_RAWIOAnita Zhang2020-07-161-1/+1
| | | | Fixes #16489
* analyze: make testing ConditionPathExistsGlob= workLennart Poettering2020-07-141-2/+5
| | | | | Fixes: #16439 Alternative-To: #16440
* shared: split out code that maps properties to local structsLennart Poettering2020-06-302-0/+2
| | | | Just some refactoring, no code changes.
* shared: actually move all BusLocator related calls to bus-locator.cLennart Poettering2020-06-301-1/+1
|
* tree-wide: avoid some loaded termsLennart Poettering2020-06-251-25/+25
| | | | | | | | | | | | | | | | | | | | | | | | https://tools.ietf.org/html/draft-knodel-terminology-02 https://lwn.net/Articles/823224/ This gets rid of most but not occasions of these loaded terms: 1. scsi_id and friends are something that is supposed to be removed from our tree (see #7594) 2. The test suite defines an API used by the ubuntu CI. We can remove this too later, but this needs to be done in sync with the ubuntu CI. 3. In some cases the terms are part of APIs we call or where we expose concepts the kernel names the way it names them. (In particular all remaining uses of the word "slave" in our codebase are like this, it's used by the POSIX PTY layer, by the network subsystem, the mount API and the block device subsystem). Getting rid of the term in these contexts would mean doing some major fixes of the kernel ABI first. Regarding the replacements: when whitelist/blacklist is used as noun we replace with with allow list/deny list, and when used as verb with allow-list/deny-list.
* log: introduce log_parse_environment_cli() and log_setup_cli()Filipe Brandenburger2020-06-241-3/+1
| | | | | | | | | | | | | | | | Presently, CLI utilities such as systemctl will check whether they have a tty attached or not to decide whether to parse /proc/cmdline or EFI variable SystemdOptions looking for systemd.log_* entries. But this check will be misleading if these tools are being launched by a daemon, such as a monitoring daemon or automation service that runs in background. Make log handling of CLI tools uniform by never checking /proc/cmdline or EFI variables to determine the logging level. Furthermore, introduce a new log_setup_cli() shortcut to set up common options used by most command-line utilities.
* core: create socket service instances with the correct name from the startZbigniew Jędrzejewski-Szmek2020-06-101-17/+7
| | | | | | | | | | | | | | | | | | | | | | Upon an incoming connection for an accepting socket, we'd create a unit like foo@0.service, then figure out that the instance name should be e.g. "0-41-0", and then add the name foo@0-41-0.service to the unit. This obviously violates the rule that any service needs to have a constance instance part. So let's reverse the order: we first determine the instance name and then create the unit with the correct name from the start. There are two cases where we don't know the instance name: - analyze-verify: we just do a quick check that the instance unit can be created. So let's use a bogus instance string. - selinux: the code wants to load the service unit to extract the ExecStart path and query it for the selinux label. Do the same as above. Note that in both cases it is possible that the real unit that is loaded could be different than the one with the bogus instance value, for example if there is a dropin for a specific instance name. We can't do much about this, since we can't figure out the instance name in advance. The old code had the same shortcoming.
* condition: add ConditionEnvironment=Lennart Poettering2020-05-151-2/+2
| | | | | | | Prompted by the discussions in #15180. This is a bit more complex than I hoped, since for PID 1 we need to pass in the synethetic environment block in we generate on demand.
* condition: add ConditionPathIsEncrypted=Lennart Poettering2020-05-151-0/+2
| | | | | | | It's easy to add, and should be pretty useful, in particular as in AssertPathIsEncrypted= as it can be used for checking that some path is encrypted before some service is invoked that might want to place secure material there.
* Merge pull request #15681 from vcaputo/buslocatorVito Caputo2020-05-071-87/+10
|\ | | | | *: switch to BusLocator-oriented helpers
| * analyze: switch to BusLocator-oriented helpersVito Caputo2020-05-071-87/+10
| | | | | | | | Mechanical substitution reducing some verbosity
* | basic/set: let set_put_strdup() create the set with string hash opsZbigniew Jędrzejewski-Szmek2020-05-062-13/+5
|/ | | | | | | | | | | | | | | | | | If we're using a set with _put_strdup(), most of the time we want to use string hash ops on the set, and free the strings when done. This defines the appropriate a new string_hash_ops_free structure to automatically free the keys when removing the set, and makes set_put_strdup() and set_put_strdupv() instantiate the set with those hash ops. hashmap_put_strdup() was already doing something similar. (It is OK to instantiate the set earlier, possibly with a different hash ops structure. set_put_strdup() will then use the existing set. It is also OK to call set_free_free() instead of set_free() on a set with string_hash_ops_free, the effect is the same, we're just overriding the override of the cleanup function.) No functional change intended.
* verify: ignore nonexistent executables if requiredGiedrius Statkevičius2020-04-143-1/+25
| | | | | | | | | | | | | | We provide a way via the '-' symbol to ignore errors when nonexistent executable files are passed to Exec* parameters & so on. In such a case, the flag `EXEC_COMMAND_IGNORE_FAILURE` is set and we go on happily with our life if that happens. However, `systemd-analyze verify` complained about missing executables even in such a case. In such a case it is not an error for this to happen so check if the flag is set before checking if the file is accessible and executable. Add some small tests to check this condition. Closes #15218.
* analyze: fix table time outputHaochen Tong2020-03-091-10/+10
|
* systemd: Fix busctl crash on aarch64 when setting output table formatAlin Popa2020-02-152-3/+3
| | | | | | | | The enum used for column names is integer type while table_set_display() is parsing arguments on size_t alignment which may result in assert in table_set_display() if the size between types missmatch. This patch cast the enums to size_t. It also fixes all other occurences for table_set_display() and table_set_sort().
* analyze: Add ProtectClock= to analyze-securityKevin Kuehler2020-01-261-0/+16
|
* typo: "May modify to" -> "May modify"Wieland Hoffmann2020-01-181-1/+1
|
* Merge pull request #14547 from keszybz/networkctl-matchingYu Watanabe2020-01-151-4/+4
|\ | | | | networkctl: return error or warning when interfaces are not matched
| * basic/strv: drop flags argument from strv_fnmatch()Zbigniew Jędrzejewski-Szmek2020-01-141-4/+4
| |
* | analyze: optimize table creation by using table_add_many()Yu Watanabe2020-01-102-140/+82
|/