From 5e16328506e1ec33a33162fc64e762152359efdd Mon Sep 17 00:00:00 2001 From: Antonio Alvarez Feijoo Date: Thu, 11 Jan 2024 11:00:37 +0100 Subject: analyze: clarify that `security --offline=true` requires an argument Without `--root` or `--image`, the `security` command inspects all currently loaded service units if no unit name is specified. But with `--root` or `--image` with `--offline=true`, the `security` command exits silently if no unit name is specified. Also, fixed description of `--root` and `--image` in the man page, and added missing `--unit` option to help text. --- src/analyze/analyze.c | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'src') diff --git a/src/analyze/analyze.c b/src/analyze/analyze.c index 14458260c6..49b4c3b8cc 100644 --- a/src/analyze/analyze.c +++ b/src/analyze/analyze.c @@ -272,6 +272,7 @@ static int help(int argc, char *argv[], void *userdata) { " specified time\n" " --profile=name|PATH Include the specified profile in the\n" " security review of the unit(s)\n" + " --unit=UNIT Evaluate conditions and asserts of unit\n" " --table Output plot's raw time data as a table\n" " -h --help Show this help\n" " --version Show package version\n" @@ -559,6 +560,10 @@ static int parse_argv(int argc, char *argv[]) { return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Option --offline= is only supported for security right now."); + if (arg_offline && optind >= argc - 1) + return log_error_errno(SYNTHETIC_ERRNO(EINVAL), + "Option --offline= requires one or more units to perform a security review."); + if (arg_json_format_flags != JSON_FORMAT_OFF && !STRPTR_IN_SET(argv[optind], "security", "inspect-elf", "plot", "fdstore", "pcrs", "architectures", "capability", "exit-status")) return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Option --json= is only supported for security, inspect-elf, plot, fdstore, pcrs, architectures, capability, exit-status right now."); -- cgit v1.2.3