analyze: add new security verb
parent
88db94fa57
commit
ec16f3b6dd
2079
src/analyze/analyze-security.c
Normal file
File diff suppressed because it is too large
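--- a/src/analyze/analyze-security.h
+++ b/src/analyze/analyze-security.h
@@ -0,0 +1,12 @@
+/* SPDX-License-Identifier: LGPL-2.1+ */
+#pragma once
+
+#include "sd-bus.h"
+
+typedef enum AnalyzeSecurityFlags {
+ANALYZE_SECURITY_SHORT = 1 << 0,
+ANALYZE_SECURITY_ONLY_LOADED = 1 << 1,
+ANALYZE_SECURITY_ONLY_LONG_RUNNING = 1 << 2,
+} AnalyzeSecurityFlags;
+
+int analyze_security(sd_bus *bus, char **units, AnalyzeSecurityFlags flags);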
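Review bot: The new header declares AnalyzeSecurityFlags and analyze_security() without a single comment, so it does not say what each flag selects, what the return value means, or what happens when `units` is empty or NULL. The implementation in analyze-security.c is suppressed on this page, so a reader of the header alone cannot tell which units end up in the assessment and which are silently left out. I would add a short block comment above the prototype stating the return convention and the empty-list behaviour, and one line per flag, for example `/* Skip units that are not currently loaded */` above ANALYZE_SECURITY_ONLY_LOADED (wording to be confirmed against the implementation).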
@ -12,6 +12,7 @@
|
||||||
#include "sd-bus.h"
|
#include "sd-bus.h"
|
||||||
|
|
||||||
#include "alloc-util.h"
|
#include "alloc-util.h"
|
||||||
|
#include "analyze-security.h"
|
||||||
#include "analyze-verify.h"
|
#include "analyze-verify.h"
|
||||||
#include "bus-error.h"
|
#include "bus-error.h"
|
||||||
#include "bus-unit-util.h"
|
#include "bus-unit-util.h"
|
||||||
|
@ -1784,6 +1785,19 @@ static int do_verify(int argc, char *argv[], void *userdata) {
|
||||||
return verify_units(strv_skip(argv, 1), arg_scope, arg_man, arg_generators);
|
return verify_units(strv_skip(argv, 1), arg_scope, arg_man, arg_generators);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static int do_security(int argc, char *argv[], void *userdata) {
|
||||||
|
_cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
|
||||||
|
int r;
|
||||||
|
|
||||||
|
r = acquire_bus(&bus, NULL);
|
||||||
|
if (r < 0)
|
||||||
|
return log_error_errno(r, "Failed to create bus connection: %m");
|
||||||
|
|
||||||
|
(void) pager_open(arg_pager_flags);
|
||||||
|
|
||||||
|
return analyze_security(bus, strv_skip(argv, 1), 0);
|
||||||
|
}
|
||||||
|
|
||||||
static int help(int argc, char *argv[], void *userdata) {
|
static int help(int argc, char *argv[], void *userdata) {
|
||||||
_cleanup_free_ char *link = NULL;
|
_cleanup_free_ char *link = NULL;
|
||||||
int r;
|
int r;
|
||||||
|
@ -1828,6 +1842,7 @@ static int help(int argc, char *argv[], void *userdata) {
|
||||||
" calendar SPEC... Validate repetitive calendar time events\n"
|
" calendar SPEC... Validate repetitive calendar time events\n"
|
||||||
" service-watchdogs [BOOL] Get/set service watchdog state\n"
|
" service-watchdogs [BOOL] Get/set service watchdog state\n"
|
||||||
" timespan SPAN... Validate a time span\n"
|
" timespan SPAN... Validate a time span\n"
|
||||||
|
" security [UNIT...] Analyze security of unit\n"
|
||||||
"\nSee the %s for details.\n"
|
"\nSee the %s for details.\n"
|
||||||
, program_invocation_short_name
|
, program_invocation_short_name
|
||||||
, link
|
, link
|
||||||
|
@ -2015,6 +2030,7 @@ static int run(int argc, char *argv[]) {
|
||||||
{ "calendar", 2, VERB_ANY, 0, test_calendar },
|
{ "calendar", 2, VERB_ANY, 0, test_calendar },
|
||||||
{ "service-watchdogs", VERB_ANY, 2, 0, service_watchdogs },
|
{ "service-watchdogs", VERB_ANY, 2, 0, service_watchdogs },
|
||||||
{ "timespan", 2, VERB_ANY, 0, dump_timespan },
|
{ "timespan", 2, VERB_ANY, 0, dump_timespan },
|
||||||
|
{ "security", VERB_ANY, VERB_ANY, 0, do_security },
|
||||||
{}
|
{}
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
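Review bot: In do_security the call `return analyze_security(bus, strv_skip(argv, 1), 0);` passes a bare `0` for an enum flags parameter, which hides at the call site that no AnalyzeSecurityFlags filter is requested. Writing it as `return analyze_security(bus, strv_skip(argv, 1), /* flags= */ 0);` would make that explicit. The verb is registered with `VERB_ANY, VERB_ANY`, so the unit list may be empty, and do_security has no comment saying what is assessed in that case; that behaviour presumably lives in analyze-security.c, which is not shown here. A one-line comment above the call, such as `/* With no unit arguments the callee decides which units to assess */`, would help, and the help string `Analyze security of unit` could read `Analyze security of units` to match the `[UNIT...]` synopsis.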
@ -4,4 +4,6 @@ systemd_analyze_sources = files('''
|
||||||
analyze.c
|
analyze.c
|
||||||
analyze-verify.c
|
analyze-verify.c
|
||||||
analyze-verify.h
|
analyze-verify.h
|
||||||
|
analyze-security.c
|
||||||
|
analyze-security.h
|
||||||
'''.split())
|
'''.split())
|
||||||
|
|