1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
3 Copyright © 2013 Simon Peeters
14 #include "alloc-util.h"
16 #include "analyze-calendar.h"
17 #include "analyze-condition.h"
18 #include "analyze-dot.h"
19 #include "analyze-dump.h"
20 #include "analyze-elf.h"
21 #include "analyze-filesystems.h"
22 #include "analyze-security.h"
23 #include "analyze-service-watchdogs.h"
24 #include "analyze-syscall-filter.h"
25 #include "analyze-timespan.h"
26 #include "analyze-timestamp.h"
27 #include "analyze-verify.h"
28 #include "bus-error.h"
29 #include "bus-locator.h"
30 #include "bus-map-properties.h"
31 #include "bus-unit-util.h"
32 #include "calendarspec.h"
34 #include "capability-util.h"
35 #include "conf-files.h"
38 #include "exit-status.h"
39 #include "extract-word.h"
42 #include "filesystems.h"
43 #include "format-table.h"
44 #include "glob-util.h"
46 #include "locale-util.h"
48 #include "main-func.h"
49 #include "mount-util.h"
50 #include "nulstr-util.h"
52 #include "parse-argument.h"
53 #include "parse-util.h"
54 #include "path-util.h"
55 #include "pretty-print.h"
58 # include "seccomp-util.h"
60 #include "sort-util.h"
62 #include "stat-util.h"
63 #include "string-table.h"
66 #include "terminal-util.h"
67 #include "time-util.h"
68 #include "tmpfile-util.h"
69 #include "unit-name.h"
71 #include "verb-log-control.h"
75 #define SCALE_X (0.1 / 1000.0) /* pixels per us */
76 #define SCALE_Y (20.0)
78 #define svg(...) printf(__VA_ARGS__)
80 #define svg_bar(class, x1, x2, y) \
81 svg(" <rect class=\"%s\" x=\"%.03f\" y=\"%.03f\" width=\"%.03f\" height=\"%.03f\" />\n", \
83 SCALE_X * (x1), SCALE_Y * (y), \
84 SCALE_X * ((x2) - (x1)), SCALE_Y - 1.0)
86 #define svg_text(b, x, y, format, ...) \
88 svg(" <text class=\"%s\" x=\"%.03f\" y=\"%.03f\">", (b) ? "left" : "right", SCALE_X * (x) + (b ? 5.0 : -5.0), SCALE_Y * (y) + 14.0); \
89 svg(format, ## __VA_ARGS__); \
93 DotMode arg_dot
= DEP_ALL
;
94 char **arg_dot_from_patterns
= NULL
, **arg_dot_to_patterns
= NULL
;
95 static usec_t arg_fuzz
= 0;
96 PagerFlags arg_pager_flags
= 0;
97 BusTransport arg_transport
= BUS_TRANSPORT_LOCAL
;
98 static const char *arg_host
= NULL
;
99 static UnitFileScope arg_scope
= UNIT_FILE_SYSTEM
;
100 static RecursiveErrors arg_recursive_errors
= RECURSIVE_ERRORS_YES
;
101 static bool arg_man
= true;
102 static bool arg_generators
= false;
103 static char *arg_root
= NULL
;
104 static char *arg_image
= NULL
;
105 static char *arg_security_policy
= NULL
;
106 static bool arg_offline
= false;
107 static unsigned arg_threshold
= 100;
108 unsigned arg_iterations
= 1;
109 usec_t arg_base_time
= USEC_INFINITY
;
110 static char *arg_unit
= NULL
;
111 static JsonFormatFlags arg_json_format_flags
= JSON_FORMAT_OFF
;
112 bool arg_quiet
= false;
113 static char *arg_profile
= NULL
;
115 STATIC_DESTRUCTOR_REGISTER(arg_dot_from_patterns
, strv_freep
);
116 STATIC_DESTRUCTOR_REGISTER(arg_dot_to_patterns
, strv_freep
);
117 STATIC_DESTRUCTOR_REGISTER(arg_root
, freep
);
118 STATIC_DESTRUCTOR_REGISTER(arg_image
, freep
);
119 STATIC_DESTRUCTOR_REGISTER(arg_security_policy
, freep
);
120 STATIC_DESTRUCTOR_REGISTER(arg_unit
, freep
);
121 STATIC_DESTRUCTOR_REGISTER(arg_profile
, freep
);
123 typedef struct BootTimes
{
124 usec_t firmware_time
;
127 usec_t kernel_done_time
;
129 usec_t userspace_time
;
131 usec_t security_start_time
;
132 usec_t security_finish_time
;
133 usec_t generators_start_time
;
134 usec_t generators_finish_time
;
135 usec_t unitsload_start_time
;
136 usec_t unitsload_finish_time
;
137 usec_t initrd_security_start_time
;
138 usec_t initrd_security_finish_time
;
139 usec_t initrd_generators_start_time
;
140 usec_t initrd_generators_finish_time
;
141 usec_t initrd_unitsload_start_time
;
142 usec_t initrd_unitsload_finish_time
;
145 * If we're analyzing the user instance, all timestamps will be offset
146 * by its own start-up timestamp, which may be arbitrarily big.
147 * With "plot", this causes arbitrarily wide output SVG files which almost
148 * completely consist of empty space. Thus we cancel out this offset.
150 * This offset is subtracted from times above by acquire_boot_times(),
151 * but it still needs to be subtracted from unit-specific timestamps
152 * (so it is stored here for reference).
154 usec_t reverse_offset
;
157 typedef struct UnitTimes
{
167 typedef struct HostInfo
{
170 char *kernel_release
;
171 char *kernel_version
;
172 char *os_pretty_name
;
173 char *virtualization
;
177 int acquire_bus(sd_bus
**bus
, bool *use_full_bus
) {
178 bool user
= arg_scope
!= UNIT_FILE_SYSTEM
;
181 if (use_full_bus
&& *use_full_bus
) {
182 r
= bus_connect_transport(arg_transport
, arg_host
, user
, bus
);
183 if (IN_SET(r
, 0, -EHOSTDOWN
))
186 *use_full_bus
= false;
189 return bus_connect_transport_systemd(arg_transport
, arg_host
, user
, bus
);
192 static int bus_get_uint64_property(sd_bus
*bus
, const char *path
, const char *interface
, const char *property
, uint64_t *val
) {
193 _cleanup_(sd_bus_error_free
) sd_bus_error error
= SD_BUS_ERROR_NULL
;
202 r
= sd_bus_get_property_trivial(
204 "org.freedesktop.systemd1",
212 return log_error_errno(r
, "Failed to parse reply: %s", bus_error_message(&error
, r
));
217 int bus_get_unit_property_strv(sd_bus
*bus
, const char *path
, const char *property
, char ***strv
) {
218 _cleanup_(sd_bus_error_free
) sd_bus_error error
= SD_BUS_ERROR_NULL
;
226 r
= sd_bus_get_property_strv(
228 "org.freedesktop.systemd1",
230 "org.freedesktop.systemd1.Unit",
235 return log_error_errno(r
, "Failed to get unit property %s: %s", property
, bus_error_message(&error
, r
));
240 static int compare_unit_start(const UnitTimes
*a
, const UnitTimes
*b
) {
241 return CMP(a
->activating
, b
->activating
);
244 static int process_aliases(char *argv
[], char *tempdir
, char ***ret
) {
245 _cleanup_strv_free_
char **filenames
= NULL
;
253 STRV_FOREACH(filename
, strv_skip(argv
, 1)) {
254 _cleanup_free_
char *src
= NULL
, *dst
= NULL
, *base
= NULL
;
255 const char *parse_arg
;
257 parse_arg
= *filename
;
258 r
= extract_first_word(&parse_arg
, &src
, ":", EXTRACT_DONT_COALESCE_SEPARATORS
|EXTRACT_RETAIN_ESCAPE
);
263 r
= strv_consume(&filenames
, TAKE_PTR(src
));
270 r
= path_extract_filename(parse_arg
, &base
);
274 dst
= path_join(tempdir
, base
);
278 r
= copy_file(src
, dst
, 0, 0644, 0, 0, COPY_REFLINK
);
282 r
= strv_consume(&filenames
, TAKE_PTR(dst
));
287 *ret
= TAKE_PTR(filenames
);
291 static UnitTimes
* unit_times_free_array(UnitTimes
*t
) {
292 for (UnitTimes
*p
= t
; p
&& p
->has_data
; p
++)
296 DEFINE_TRIVIAL_CLEANUP_FUNC(UnitTimes
*, unit_times_free_array
);
298 static void subtract_timestamp(usec_t
*a
, usec_t b
) {
307 static int acquire_boot_times(sd_bus
*bus
, BootTimes
**bt
) {
308 static const struct bus_properties_map property_map
[] = {
309 { "FirmwareTimestampMonotonic", "t", NULL
, offsetof(BootTimes
, firmware_time
) },
310 { "LoaderTimestampMonotonic", "t", NULL
, offsetof(BootTimes
, loader_time
) },
311 { "KernelTimestamp", "t", NULL
, offsetof(BootTimes
, kernel_time
) },
312 { "InitRDTimestampMonotonic", "t", NULL
, offsetof(BootTimes
, initrd_time
) },
313 { "UserspaceTimestampMonotonic", "t", NULL
, offsetof(BootTimes
, userspace_time
) },
314 { "FinishTimestampMonotonic", "t", NULL
, offsetof(BootTimes
, finish_time
) },
315 { "SecurityStartTimestampMonotonic", "t", NULL
, offsetof(BootTimes
, security_start_time
) },
316 { "SecurityFinishTimestampMonotonic", "t", NULL
, offsetof(BootTimes
, security_finish_time
) },
317 { "GeneratorsStartTimestampMonotonic", "t", NULL
, offsetof(BootTimes
, generators_start_time
) },
318 { "GeneratorsFinishTimestampMonotonic", "t", NULL
, offsetof(BootTimes
, generators_finish_time
) },
319 { "UnitsLoadStartTimestampMonotonic", "t", NULL
, offsetof(BootTimes
, unitsload_start_time
) },
320 { "UnitsLoadFinishTimestampMonotonic", "t", NULL
, offsetof(BootTimes
, unitsload_finish_time
) },
321 { "InitRDSecurityStartTimestampMonotonic", "t", NULL
, offsetof(BootTimes
, initrd_security_start_time
) },
322 { "InitRDSecurityFinishTimestampMonotonic", "t", NULL
, offsetof(BootTimes
, initrd_security_finish_time
) },
323 { "InitRDGeneratorsStartTimestampMonotonic", "t", NULL
, offsetof(BootTimes
, initrd_generators_start_time
) },
324 { "InitRDGeneratorsFinishTimestampMonotonic", "t", NULL
, offsetof(BootTimes
, initrd_generators_finish_time
) },
325 { "InitRDUnitsLoadStartTimestampMonotonic", "t", NULL
, offsetof(BootTimes
, initrd_unitsload_start_time
) },
326 { "InitRDUnitsLoadFinishTimestampMonotonic", "t", NULL
, offsetof(BootTimes
, initrd_unitsload_finish_time
) },
329 _cleanup_(sd_bus_error_free
) sd_bus_error error
= SD_BUS_ERROR_NULL
;
330 static BootTimes times
;
331 static bool cached
= false;
337 assert_cc(sizeof(usec_t
) == sizeof(uint64_t));
339 r
= bus_map_all_properties(
341 "org.freedesktop.systemd1",
342 "/org/freedesktop/systemd1",
349 return log_error_errno(r
, "Failed to get timestamp properties: %s", bus_error_message(&error
, r
));
351 if (times
.finish_time
<= 0)
352 return log_error_errno(SYNTHETIC_ERRNO(EINPROGRESS
),
353 "Bootup is not yet finished (org.freedesktop.systemd1.Manager.FinishTimestampMonotonic=%"PRIu64
").\n"
354 "Please try again later.\n"
355 "Hint: Use 'systemctl%s list-jobs' to see active jobs",
357 arg_scope
== UNIT_FILE_SYSTEM
? "" : " --user");
359 if (arg_scope
== UNIT_FILE_SYSTEM
&& times
.security_start_time
> 0) {
360 /* security_start_time is set when systemd is not running under container environment. */
361 if (times
.initrd_time
> 0)
362 times
.kernel_done_time
= times
.initrd_time
;
364 times
.kernel_done_time
= times
.userspace_time
;
367 * User-instance-specific or container-system-specific timestamps processing
368 * (see comment to reverse_offset in BootTimes).
370 times
.reverse_offset
= times
.userspace_time
;
372 times
.firmware_time
= times
.loader_time
= times
.kernel_time
= times
.initrd_time
=
373 times
.userspace_time
= times
.security_start_time
= times
.security_finish_time
= 0;
375 subtract_timestamp(×
.finish_time
, times
.reverse_offset
);
377 subtract_timestamp(×
.generators_start_time
, times
.reverse_offset
);
378 subtract_timestamp(×
.generators_finish_time
, times
.reverse_offset
);
380 subtract_timestamp(×
.unitsload_start_time
, times
.reverse_offset
);
381 subtract_timestamp(×
.unitsload_finish_time
, times
.reverse_offset
);
391 static HostInfo
* free_host_info(HostInfo
*hi
) {
396 free(hi
->kernel_name
);
397 free(hi
->kernel_release
);
398 free(hi
->kernel_version
);
399 free(hi
->os_pretty_name
);
400 free(hi
->virtualization
);
401 free(hi
->architecture
);
405 DEFINE_TRIVIAL_CLEANUP_FUNC(HostInfo
*, free_host_info
);
407 static int acquire_time_data(sd_bus
*bus
, UnitTimes
**out
) {
408 static const struct bus_properties_map property_map
[] = {
409 { "InactiveExitTimestampMonotonic", "t", NULL
, offsetof(UnitTimes
, activating
) },
410 { "ActiveEnterTimestampMonotonic", "t", NULL
, offsetof(UnitTimes
, activated
) },
411 { "ActiveExitTimestampMonotonic", "t", NULL
, offsetof(UnitTimes
, deactivating
) },
412 { "InactiveEnterTimestampMonotonic", "t", NULL
, offsetof(UnitTimes
, deactivated
) },
415 _cleanup_(sd_bus_message_unrefp
) sd_bus_message
*reply
= NULL
;
416 _cleanup_(sd_bus_error_free
) sd_bus_error error
= SD_BUS_ERROR_NULL
;
417 _cleanup_(unit_times_free_arrayp
) UnitTimes
*unit_times
= NULL
;
418 BootTimes
*boot_times
= NULL
;
423 r
= acquire_boot_times(bus
, &boot_times
);
427 r
= bus_call_method(bus
, bus_systemd_mgr
, "ListUnits", &error
, &reply
, NULL
);
429 return log_error_errno(r
, "Failed to list units: %s", bus_error_message(&error
, r
));
431 r
= sd_bus_message_enter_container(reply
, SD_BUS_TYPE_ARRAY
, "(ssssssouso)");
433 return bus_log_parse_error(r
);
435 while ((r
= bus_parse_unit_info(reply
, &u
)) > 0) {
438 if (!GREEDY_REALLOC(unit_times
, c
+ 2))
441 unit_times
[c
+ 1].has_data
= false;
445 assert_cc(sizeof(usec_t
) == sizeof(uint64_t));
447 r
= bus_map_all_properties(
449 "org.freedesktop.systemd1",
457 return log_error_errno(r
, "Failed to get timestamp properties of unit %s: %s",
458 u
.id
, bus_error_message(&error
, r
));
460 subtract_timestamp(&t
->activating
, boot_times
->reverse_offset
);
461 subtract_timestamp(&t
->activated
, boot_times
->reverse_offset
);
462 subtract_timestamp(&t
->deactivating
, boot_times
->reverse_offset
);
463 subtract_timestamp(&t
->deactivated
, boot_times
->reverse_offset
);
465 if (t
->activated
>= t
->activating
)
466 t
->time
= t
->activated
- t
->activating
;
467 else if (t
->deactivated
>= t
->activating
)
468 t
->time
= t
->deactivated
- t
->activating
;
472 if (t
->activating
== 0)
475 t
->name
= strdup(u
.id
);
483 return bus_log_parse_error(r
);
485 *out
= TAKE_PTR(unit_times
);
489 static int acquire_host_info(sd_bus
*bus
, HostInfo
**hi
) {
490 static const struct bus_properties_map hostname_map
[] = {
491 { "Hostname", "s", NULL
, offsetof(HostInfo
, hostname
) },
492 { "KernelName", "s", NULL
, offsetof(HostInfo
, kernel_name
) },
493 { "KernelRelease", "s", NULL
, offsetof(HostInfo
, kernel_release
) },
494 { "KernelVersion", "s", NULL
, offsetof(HostInfo
, kernel_version
) },
495 { "OperatingSystemPrettyName", "s", NULL
, offsetof(HostInfo
, os_pretty_name
) },
499 static const struct bus_properties_map manager_map
[] = {
500 { "Virtualization", "s", NULL
, offsetof(HostInfo
, virtualization
) },
501 { "Architecture", "s", NULL
, offsetof(HostInfo
, architecture
) },
505 _cleanup_(sd_bus_error_free
) sd_bus_error error
= SD_BUS_ERROR_NULL
;
506 _cleanup_(sd_bus_flush_close_unrefp
) sd_bus
*system_bus
= NULL
;
507 _cleanup_(free_host_infop
) HostInfo
*host
= NULL
;
510 host
= new0(HostInfo
, 1);
514 if (arg_scope
!= UNIT_FILE_SYSTEM
) {
515 r
= bus_connect_transport(arg_transport
, arg_host
, false, &system_bus
);
517 log_debug_errno(r
, "Failed to connect to system bus, ignoring: %m");
522 r
= bus_map_all_properties(
524 "org.freedesktop.hostname1",
525 "/org/freedesktop/hostname1",
532 log_debug_errno(r
, "Failed to get host information from systemd-hostnamed, ignoring: %s",
533 bus_error_message(&error
, r
));
534 sd_bus_error_free(&error
);
538 r
= bus_map_all_properties(
540 "org.freedesktop.systemd1",
541 "/org/freedesktop/systemd1",
548 return log_error_errno(r
, "Failed to get host information from systemd: %s",
549 bus_error_message(&error
, r
));
551 *hi
= TAKE_PTR(host
);
555 static int pretty_boot_time(sd_bus
*bus
, char **_buf
) {
557 static char buf
[4096];
561 usec_t activated_time
= USEC_INFINITY
;
562 _cleanup_free_
char *path
= NULL
, *unit_id
= NULL
;
563 _cleanup_(sd_bus_error_free
) sd_bus_error error
= SD_BUS_ERROR_NULL
;
565 r
= acquire_boot_times(bus
, &t
);
569 path
= unit_dbus_path_from_name(SPECIAL_DEFAULT_TARGET
);
573 r
= sd_bus_get_property_string(
575 "org.freedesktop.systemd1",
577 "org.freedesktop.systemd1.Unit",
582 log_error_errno(r
, "default.target doesn't seem to exist: %s", bus_error_message(&error
, r
));
586 r
= bus_get_uint64_property(bus
, path
,
587 "org.freedesktop.systemd1.Unit",
588 "ActiveEnterTimestampMonotonic",
591 log_info_errno(r
, "Could not get time to reach default.target, ignoring: %m");
592 activated_time
= USEC_INFINITY
;
598 size
= strpcpyf(&ptr
, size
, "Startup finished in ");
599 if (t
->firmware_time
> 0)
600 size
= strpcpyf(&ptr
, size
, "%s (firmware) + ", FORMAT_TIMESPAN(t
->firmware_time
- t
->loader_time
, USEC_PER_MSEC
));
601 if (t
->loader_time
> 0)
602 size
= strpcpyf(&ptr
, size
, "%s (loader) + ", FORMAT_TIMESPAN(t
->loader_time
, USEC_PER_MSEC
));
603 if (t
->kernel_done_time
> 0)
604 size
= strpcpyf(&ptr
, size
, "%s (kernel) + ", FORMAT_TIMESPAN(t
->kernel_done_time
, USEC_PER_MSEC
));
605 if (t
->initrd_time
> 0)
606 size
= strpcpyf(&ptr
, size
, "%s (initrd) + ", FORMAT_TIMESPAN(t
->userspace_time
- t
->initrd_time
, USEC_PER_MSEC
));
608 size
= strpcpyf(&ptr
, size
, "%s (userspace) ", FORMAT_TIMESPAN(t
->finish_time
- t
->userspace_time
, USEC_PER_MSEC
));
609 if (t
->kernel_done_time
> 0)
610 strpcpyf(&ptr
, size
, "= %s ", FORMAT_TIMESPAN(t
->firmware_time
+ t
->finish_time
, USEC_PER_MSEC
));
612 if (unit_id
&& timestamp_is_set(activated_time
)) {
613 usec_t base
= t
->userspace_time
> 0 ? t
->userspace_time
: t
->reverse_offset
;
615 size
= strpcpyf(&ptr
, size
, "\n%s reached after %s in userspace", unit_id
,
616 FORMAT_TIMESPAN(activated_time
- base
, USEC_PER_MSEC
));
617 } else if (unit_id
&& activated_time
== 0)
618 size
= strpcpyf(&ptr
, size
, "\n%s was never reached", unit_id
);
619 else if (unit_id
&& activated_time
== USEC_INFINITY
)
620 size
= strpcpyf(&ptr
, size
, "\nCould not get time to reach %s.", unit_id
);
622 size
= strpcpyf(&ptr
, size
, "\ncould not find default.target");
632 static void svg_graph_box(double height
, double begin
, double end
) {
633 /* outside box, fill */
634 svg("<rect class=\"box\" x=\"0\" y=\"0\" width=\"%.03f\" height=\"%.03f\" />\n",
635 SCALE_X
* (end
- begin
),
638 for (long long i
= ((long long) (begin
/ 100000)) * 100000; i
<= end
; i
+= 100000) {
639 /* lines for each second */
640 if (i
% 5000000 == 0)
641 svg(" <line class=\"sec5\" x1=\"%.03f\" y1=\"0\" x2=\"%.03f\" y2=\"%.03f\" />\n"
642 " <text class=\"sec\" x=\"%.03f\" y=\"%.03f\" >%.01fs</text>\n",
649 else if (i
% 1000000 == 0)
650 svg(" <line class=\"sec1\" x1=\"%.03f\" y1=\"0\" x2=\"%.03f\" y2=\"%.03f\" />\n"
651 " <text class=\"sec\" x=\"%.03f\" y=\"%.03f\" >%.01fs</text>\n",
659 svg(" <line class=\"sec01\" x1=\"%.03f\" y1=\"0\" x2=\"%.03f\" y2=\"%.03f\" />\n",
666 static int plot_unit_times(UnitTimes
*u
, double width
, int y
) {
672 svg_bar("activating", u
->activating
, u
->activated
, y
);
673 svg_bar("active", u
->activated
, u
->deactivating
, y
);
674 svg_bar("deactivating", u
->deactivating
, u
->deactivated
, y
);
676 /* place the text on the left if we have passed the half of the svg width */
677 b
= u
->activating
* SCALE_X
< width
/ 2;
679 svg_text(b
, u
->activating
, y
, "%s (%s)",
680 u
->name
, FORMAT_TIMESPAN(u
->time
, USEC_PER_MSEC
));
682 svg_text(b
, u
->activating
, y
, "%s", u
->name
);
687 static int analyze_plot(int argc
, char *argv
[], void *userdata
) {
688 _cleanup_(free_host_infop
) HostInfo
*host
= NULL
;
689 _cleanup_(sd_bus_flush_close_unrefp
) sd_bus
*bus
= NULL
;
690 _cleanup_(unit_times_free_arrayp
) UnitTimes
*times
= NULL
;
691 _cleanup_free_
char *pretty_times
= NULL
;
692 bool use_full_bus
= arg_scope
== UNIT_FILE_SYSTEM
;
695 int n
, m
= 1, y
= 0, r
;
698 r
= acquire_bus(&bus
, &use_full_bus
);
700 return bus_log_connect_error(r
, arg_transport
);
702 n
= acquire_boot_times(bus
, &boot
);
706 n
= pretty_boot_time(bus
, &pretty_times
);
710 if (use_full_bus
|| arg_scope
!= UNIT_FILE_SYSTEM
) {
711 n
= acquire_host_info(bus
, &host
);
716 n
= acquire_time_data(bus
, ×
);
720 typesafe_qsort(times
, n
, compare_unit_start
);
722 width
= SCALE_X
* (boot
->firmware_time
+ boot
->finish_time
);
726 if (boot
->firmware_time
> boot
->loader_time
)
728 if (boot
->loader_time
> 0) {
733 if (boot
->initrd_time
> 0)
735 if (boot
->kernel_done_time
> 0)
738 for (u
= times
; u
->has_data
; u
++) {
739 double text_start
, text_width
;
741 if (u
->activating
> boot
->finish_time
) {
742 u
->name
= mfree(u
->name
);
746 /* If the text cannot fit on the left side then
747 * increase the svg width so it fits on the right.
748 * TODO: calculate the text width more accurately */
749 text_width
= 8.0 * strlen(u
->name
);
750 text_start
= (boot
->firmware_time
+ u
->activating
) * SCALE_X
;
751 if (text_width
> text_start
&& text_width
+ text_start
> width
)
752 width
= text_width
+ text_start
;
754 if (u
->deactivated
> u
->activating
&&
755 u
->deactivated
<= boot
->finish_time
&&
756 u
->activated
== 0 && u
->deactivating
== 0)
757 u
->activated
= u
->deactivating
= u
->deactivated
;
758 if (u
->activated
< u
->activating
|| u
->activated
> boot
->finish_time
)
759 u
->activated
= boot
->finish_time
;
760 if (u
->deactivating
< u
->activated
|| u
->deactivating
> boot
->finish_time
)
761 u
->deactivating
= boot
->finish_time
;
762 if (u
->deactivated
< u
->deactivating
|| u
->deactivated
> boot
->finish_time
)
763 u
->deactivated
= boot
->finish_time
;
767 svg("<?xml version=\"1.0\" standalone=\"no\"?>\n"
768 "<!DOCTYPE svg PUBLIC \"-//W3C//DTD SVG 1.1//EN\" "
769 "\"http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd\">\n");
771 svg("<svg width=\"%.0fpx\" height=\"%.0fpx\" version=\"1.1\" "
772 "xmlns=\"http://www.w3.org/2000/svg\">\n\n",
773 80.0 + width
, 150.0 + (m
* SCALE_Y
) +
774 5 * SCALE_Y
/* legend */);
776 /* write some basic info as a comment, including some help */
777 svg("<!-- This file is a systemd-analyze SVG file. It is best rendered in a -->\n"
778 "<!-- browser such as Chrome, Chromium or Firefox. Other applications -->\n"
779 "<!-- that render these files properly but much slower are ImageMagick, -->\n"
780 "<!-- gimp, inkscape, etc. To display the files on your system, just -->\n"
781 "<!-- point your browser to this file. -->\n\n"
782 "<!-- This plot was generated by systemd-analyze version %-16.16s -->\n\n", GIT_VERSION
);
785 svg("<defs>\n <style type=\"text/css\">\n <![CDATA[\n"
786 " rect { stroke-width: 1; stroke-opacity: 0; }\n"
787 " rect.background { fill: rgb(255,255,255); }\n"
788 " rect.activating { fill: rgb(255,0,0); fill-opacity: 0.7; }\n"
789 " rect.active { fill: rgb(200,150,150); fill-opacity: 0.7; }\n"
790 " rect.deactivating { fill: rgb(150,100,100); fill-opacity: 0.7; }\n"
791 " rect.kernel { fill: rgb(150,150,150); fill-opacity: 0.7; }\n"
792 " rect.initrd { fill: rgb(150,150,150); fill-opacity: 0.7; }\n"
793 " rect.firmware { fill: rgb(150,150,150); fill-opacity: 0.7; }\n"
794 " rect.loader { fill: rgb(150,150,150); fill-opacity: 0.7; }\n"
795 " rect.userspace { fill: rgb(150,150,150); fill-opacity: 0.7; }\n"
796 " rect.security { fill: rgb(144,238,144); fill-opacity: 0.7; }\n"
797 " rect.generators { fill: rgb(102,204,255); fill-opacity: 0.7; }\n"
798 " rect.unitsload { fill: rgb( 82,184,255); fill-opacity: 0.7; }\n"
799 " rect.box { fill: rgb(240,240,240); stroke: rgb(192,192,192); }\n"
800 " line { stroke: rgb(64,64,64); stroke-width: 1; }\n"
802 " line.sec5 { stroke-width: 2; }\n"
803 " line.sec01 { stroke: rgb(224,224,224); stroke-width: 1; }\n"
804 " text { font-family: Verdana, Helvetica; font-size: 14px; }\n"
805 " text.left { font-family: Verdana, Helvetica; font-size: 14px; text-anchor: start; }\n"
806 " text.right { font-family: Verdana, Helvetica; font-size: 14px; text-anchor: end; }\n"
807 " text.sec { font-size: 10px; }\n"
808 " ]]>\n </style>\n</defs>\n\n");
810 svg("<rect class=\"background\" width=\"100%%\" height=\"100%%\" />\n");
811 svg("<text x=\"20\" y=\"50\">%s</text>", pretty_times
);
813 svg("<text x=\"20\" y=\"30\">%s %s (%s %s %s) %s %s</text>",
814 isempty(host
->os_pretty_name
) ? "Linux" : host
->os_pretty_name
,
815 strempty(host
->hostname
),
816 strempty(host
->kernel_name
),
817 strempty(host
->kernel_release
),
818 strempty(host
->kernel_version
),
819 strempty(host
->architecture
),
820 strempty(host
->virtualization
));
822 svg("<g transform=\"translate(%.3f,100)\">\n", 20.0 + (SCALE_X
* boot
->firmware_time
));
823 svg_graph_box(m
, -(double) boot
->firmware_time
, boot
->finish_time
);
825 if (boot
->firmware_time
> 0) {
826 svg_bar("firmware", -(double) boot
->firmware_time
, -(double) boot
->loader_time
, y
);
827 svg_text(true, -(double) boot
->firmware_time
, y
, "firmware");
830 if (boot
->loader_time
> 0) {
831 svg_bar("loader", -(double) boot
->loader_time
, 0, y
);
832 svg_text(true, -(double) boot
->loader_time
, y
, "loader");
835 if (boot
->kernel_done_time
> 0) {
836 svg_bar("kernel", 0, boot
->kernel_done_time
, y
);
837 svg_text(true, 0, y
, "kernel");
840 if (boot
->initrd_time
> 0) {
841 svg_bar("initrd", boot
->initrd_time
, boot
->userspace_time
, y
);
842 if (boot
->initrd_security_start_time
< boot
->initrd_security_finish_time
)
843 svg_bar("security", boot
->initrd_security_start_time
, boot
->initrd_security_finish_time
, y
);
844 if (boot
->initrd_generators_start_time
< boot
->initrd_generators_finish_time
)
845 svg_bar("generators", boot
->initrd_generators_start_time
, boot
->initrd_generators_finish_time
, y
);
846 if (boot
->initrd_unitsload_start_time
< boot
->initrd_unitsload_finish_time
)
847 svg_bar("unitsload", boot
->initrd_unitsload_start_time
, boot
->initrd_unitsload_finish_time
, y
);
848 svg_text(true, boot
->initrd_time
, y
, "initrd");
852 for (u
= times
; u
->has_data
; u
++) {
853 if (u
->activating
>= boot
->userspace_time
)
856 y
+= plot_unit_times(u
, width
, y
);
859 svg_bar("active", boot
->userspace_time
, boot
->finish_time
, y
);
860 if (boot
->security_start_time
> 0)
861 svg_bar("security", boot
->security_start_time
, boot
->security_finish_time
, y
);
862 svg_bar("generators", boot
->generators_start_time
, boot
->generators_finish_time
, y
);
863 svg_bar("unitsload", boot
->unitsload_start_time
, boot
->unitsload_finish_time
, y
);
864 svg_text(true, boot
->userspace_time
, y
, "systemd");
867 for (; u
->has_data
; u
++)
868 y
+= plot_unit_times(u
, width
, y
);
873 svg("<g transform=\"translate(20,100)\">\n");
875 svg_bar("activating", 0, 300000, y
);
876 svg_text(true, 400000, y
, "Activating");
878 svg_bar("active", 0, 300000, y
);
879 svg_text(true, 400000, y
, "Active");
881 svg_bar("deactivating", 0, 300000, y
);
882 svg_text(true, 400000, y
, "Deactivating");
884 if (boot
->security_start_time
> 0) {
885 svg_bar("security", 0, 300000, y
);
886 svg_text(true, 400000, y
, "Setting up security module");
889 svg_bar("generators", 0, 300000, y
);
890 svg_text(true, 400000, y
, "Generators");
892 svg_bar("unitsload", 0, 300000, y
);
893 svg_text(true, 400000, y
, "Loading unit files");
903 static int list_dependencies_print(
911 for (unsigned i
= level
; i
!= 0; i
--)
912 printf("%s", special_glyph(branches
& (1 << (i
-1)) ? SPECIAL_GLYPH_TREE_VERTICAL
: SPECIAL_GLYPH_TREE_SPACE
));
914 printf("%s", special_glyph(last
? SPECIAL_GLYPH_TREE_RIGHT
: SPECIAL_GLYPH_TREE_BRANCH
));
918 printf("%s%s @%s +%s%s", ansi_highlight_red(), name
,
919 FORMAT_TIMESPAN(times
->activating
- boot
->userspace_time
, USEC_PER_MSEC
),
920 FORMAT_TIMESPAN(times
->time
, USEC_PER_MSEC
), ansi_normal());
921 else if (times
->activated
> boot
->userspace_time
)
922 printf("%s @%s", name
, FORMAT_TIMESPAN(times
->activated
- boot
->userspace_time
, USEC_PER_MSEC
));
932 static int list_dependencies_get_dependencies(sd_bus
*bus
, const char *name
, char ***deps
) {
933 _cleanup_free_
char *path
= NULL
;
939 path
= unit_dbus_path_from_name(name
);
943 return bus_get_unit_property_strv(bus
, path
, "After", deps
);
946 static Hashmap
*unit_times_hashmap
;
948 static int list_dependencies_compare(char *const *a
, char *const *b
) {
949 usec_t usa
= 0, usb
= 0;
952 times
= hashmap_get(unit_times_hashmap
, *a
);
954 usa
= times
->activated
;
955 times
= hashmap_get(unit_times_hashmap
, *b
);
957 usb
= times
->activated
;
959 return CMP(usb
, usa
);
962 static bool times_in_range(const UnitTimes
*times
, const BootTimes
*boot
) {
963 return times
&& times
->activated
> 0 && times
->activated
<= boot
->finish_time
;
966 static int list_dependencies_one(sd_bus
*bus
, const char *name
, unsigned level
, char ***units
, unsigned branches
) {
967 _cleanup_strv_free_
char **deps
= NULL
;
970 usec_t service_longest
= 0;
975 if (strv_extend(units
, name
))
978 r
= list_dependencies_get_dependencies(bus
, name
, &deps
);
982 typesafe_qsort(deps
, strv_length(deps
), list_dependencies_compare
);
984 r
= acquire_boot_times(bus
, &boot
);
988 STRV_FOREACH(c
, deps
) {
989 times
= hashmap_get(unit_times_hashmap
, *c
); /* lgtm [cpp/inconsistent-null-check] */
990 if (times_in_range(times
, boot
) && times
->activated
>= service_longest
)
991 service_longest
= times
->activated
;
994 if (service_longest
== 0)
997 STRV_FOREACH(c
, deps
) {
998 times
= hashmap_get(unit_times_hashmap
, *c
); /* lgtm [cpp/inconsistent-null-check] */
999 if (times_in_range(times
, boot
) && service_longest
- times
->activated
<= arg_fuzz
)
1006 STRV_FOREACH(c
, deps
) {
1007 times
= hashmap_get(unit_times_hashmap
, *c
); /* lgtm [cpp/inconsistent-null-check] */
1008 if (!times_in_range(times
, boot
) || service_longest
- times
->activated
> arg_fuzz
)
1013 r
= list_dependencies_print(*c
, level
, branches
, to_print
== 0, times
, boot
);
1017 if (strv_contains(*units
, *c
)) {
1018 r
= list_dependencies_print("...", level
+ 1, (branches
<< 1) | (to_print
? 1 : 0),
1025 r
= list_dependencies_one(bus
, *c
, level
+ 1, units
, (branches
<< 1) | (to_print
? 1 : 0));
1035 static int list_dependencies(sd_bus
*bus
, const char *name
) {
1036 _cleanup_strv_free_
char **units
= NULL
;
1040 _cleanup_free_
char *path
= NULL
;
1041 _cleanup_(sd_bus_message_unrefp
) sd_bus_message
*reply
= NULL
;
1042 _cleanup_(sd_bus_error_free
) sd_bus_error error
= SD_BUS_ERROR_NULL
;
1047 path
= unit_dbus_path_from_name(name
);
1051 r
= sd_bus_get_property(
1053 "org.freedesktop.systemd1",
1055 "org.freedesktop.systemd1.Unit",
1061 return log_error_errno(r
, "Failed to get ID: %s", bus_error_message(&error
, r
));
1063 r
= sd_bus_message_read(reply
, "s", &id
);
1065 return bus_log_parse_error(r
);
1067 times
= hashmap_get(unit_times_hashmap
, id
);
1069 r
= acquire_boot_times(bus
, &boot
);
1075 printf("%s%s +%s%s\n", ansi_highlight_red(), id
,
1076 FORMAT_TIMESPAN(times
->time
, USEC_PER_MSEC
), ansi_normal());
1077 else if (times
->activated
> boot
->userspace_time
)
1078 printf("%s @%s\n", id
,
1079 FORMAT_TIMESPAN(times
->activated
- boot
->userspace_time
, USEC_PER_MSEC
));
1084 return list_dependencies_one(bus
, name
, 0, &units
, 0);
1087 static int analyze_critical_chain(int argc
, char *argv
[], void *userdata
) {
1088 _cleanup_(sd_bus_flush_close_unrefp
) sd_bus
*bus
= NULL
;
1089 _cleanup_(unit_times_free_arrayp
) UnitTimes
*times
= NULL
;
1093 r
= acquire_bus(&bus
, NULL
);
1095 return bus_log_connect_error(r
, arg_transport
);
1097 n
= acquire_time_data(bus
, ×
);
1101 h
= hashmap_new(&string_hash_ops
);
1105 for (UnitTimes
*u
= times
; u
->has_data
; u
++) {
1106 r
= hashmap_put(h
, u
->name
, u
);
1108 return log_error_errno(r
, "Failed to add entry to hashmap: %m");
1110 unit_times_hashmap
= h
;
1112 pager_open(arg_pager_flags
);
1114 puts("The time when unit became active or started is printed after the \"@\" character.\n"
1115 "The time the unit took to start is printed after the \"+\" character.\n");
1119 STRV_FOREACH(name
, strv_skip(argv
, 1))
1120 list_dependencies(bus
, *name
);
1122 list_dependencies(bus
, SPECIAL_DEFAULT_TARGET
);
1124 h
= hashmap_free(h
);
1128 static int analyze_blame(int argc
, char *argv
[], void *userdata
) {
1129 _cleanup_(sd_bus_flush_close_unrefp
) sd_bus
*bus
= NULL
;
1130 _cleanup_(unit_times_free_arrayp
) UnitTimes
*times
= NULL
;
1131 _cleanup_(table_unrefp
) Table
*table
= NULL
;
1135 r
= acquire_bus(&bus
, NULL
);
1137 return bus_log_connect_error(r
, arg_transport
);
1139 n
= acquire_time_data(bus
, ×
);
1143 table
= table_new("time", "unit");
1147 table_set_header(table
, false);
1149 assert_se(cell
= table_get_cell(table
, 0, 0));
1150 r
= table_set_ellipsize_percent(table
, cell
, 100);
1154 r
= table_set_align_percent(table
, cell
, 100);
1158 assert_se(cell
= table_get_cell(table
, 0, 1));
1159 r
= table_set_ellipsize_percent(table
, cell
, 100);
1163 r
= table_set_sort(table
, (size_t) 0);
1167 r
= table_set_reverse(table
, 0, true);
1171 for (UnitTimes
*u
= times
; u
->has_data
; u
++) {
1175 r
= table_add_many(table
,
1176 TABLE_TIMESPAN_MSEC
, u
->time
,
1177 TABLE_STRING
, u
->name
);
1179 return table_log_add_error(r
);
1182 pager_open(arg_pager_flags
);
1184 return table_print(table
, NULL
);
1187 static int analyze_time(int argc
, char *argv
[], void *userdata
) {
1188 _cleanup_(sd_bus_flush_close_unrefp
) sd_bus
*bus
= NULL
;
1189 _cleanup_free_
char *buf
= NULL
;
1192 r
= acquire_bus(&bus
, NULL
);
1194 return bus_log_connect_error(r
, arg_transport
);
1196 r
= pretty_boot_time(bus
, &buf
);
1204 static int cat_config(int argc
, char *argv
[], void *userdata
) {
1208 pager_open(arg_pager_flags
);
1210 list
= strv_skip(argv
, 1);
1211 STRV_FOREACH(arg
, list
) {
1212 const char *t
= NULL
;
1217 if (path_is_absolute(*arg
)) {
1220 NULSTR_FOREACH(dir
, CONF_PATHS_NULSTR("")) {
1221 t
= path_startswith(*arg
, dir
);
1227 return log_error_errno(SYNTHETIC_ERRNO(EINVAL
),
1228 "Path %s does not start with any known prefix.", *arg
);
1232 r
= conf_files_cat(arg_root
, t
);
1240 static int verb_log_control(int argc
, char *argv
[], void *userdata
) {
1241 _cleanup_(sd_bus_flush_close_unrefp
) sd_bus
*bus
= NULL
;
1244 assert(IN_SET(argc
, 1, 2));
1246 r
= acquire_bus(&bus
, NULL
);
1248 return bus_log_connect_error(r
, arg_transport
);
1250 return verb_log_control_common(bus
, "org.freedesktop.systemd1", argv
[0], argc
== 2 ? argv
[1] : NULL
);
1253 static bool strv_fnmatch_strv_or_empty(char* const* patterns
, char **strv
, int flags
) {
1255 STRV_FOREACH(s
, strv
)
1256 if (strv_fnmatch_or_empty(patterns
, *s
, flags
))
1262 static int do_unit_files(int argc
, char *argv
[], void *userdata
) {
1263 _cleanup_(lookup_paths_free
) LookupPaths lp
= {};
1264 _cleanup_hashmap_free_ Hashmap
*unit_ids
= NULL
;
1265 _cleanup_hashmap_free_ Hashmap
*unit_names
= NULL
;
1266 char **patterns
= strv_skip(argv
, 1);
1267 const char *k
, *dst
;
1271 r
= lookup_paths_init(&lp
, arg_scope
, 0, NULL
);
1273 return log_error_errno(r
, "lookup_paths_init() failed: %m");
1275 r
= unit_file_build_name_map(&lp
, NULL
, &unit_ids
, &unit_names
, NULL
);
1277 return log_error_errno(r
, "unit_file_build_name_map() failed: %m");
1279 HASHMAP_FOREACH_KEY(dst
, k
, unit_ids
) {
1280 if (!strv_fnmatch_or_empty(patterns
, k
, FNM_NOESCAPE
) &&
1281 !strv_fnmatch_or_empty(patterns
, dst
, FNM_NOESCAPE
))
1284 printf("ids: %s → %s\n", k
, dst
);
1287 HASHMAP_FOREACH_KEY(v
, k
, unit_names
) {
1288 if (!strv_fnmatch_or_empty(patterns
, k
, FNM_NOESCAPE
) &&
1289 !strv_fnmatch_strv_or_empty(patterns
, v
, FNM_NOESCAPE
))
1292 _cleanup_free_
char *j
= strv_join(v
, ", ");
1293 printf("aliases: %s ← %s\n", k
, j
);
1299 static int dump_unit_paths(int argc
, char *argv
[], void *userdata
) {
1300 _cleanup_(lookup_paths_free
) LookupPaths paths
= {};
1304 r
= lookup_paths_init(&paths
, arg_scope
, 0, NULL
);
1306 return log_error_errno(r
, "lookup_paths_init() failed: %m");
1308 STRV_FOREACH(p
, paths
.search_path
)
1314 static int dump_exit_status(int argc
, char *argv
[], void *userdata
) {
1315 _cleanup_(table_unrefp
) Table
*table
= NULL
;
1318 table
= table_new("name", "status", "class");
1322 r
= table_set_align_percent(table
, table_get_cell(table
, 0, 1), 100);
1324 return log_error_errno(r
, "Failed to right-align status: %m");
1326 if (strv_isempty(strv_skip(argv
, 1)))
1327 for (size_t i
= 0; i
< ELEMENTSOF(exit_status_mappings
); i
++) {
1328 if (!exit_status_mappings
[i
].name
)
1331 r
= table_add_many(table
,
1332 TABLE_STRING
, exit_status_mappings
[i
].name
,
1334 TABLE_STRING
, exit_status_class(i
));
1336 return table_log_add_error(r
);
1339 for (int i
= 1; i
< argc
; i
++) {
1342 status
= exit_status_from_string(argv
[i
]);
1344 return log_error_errno(status
, "Invalid exit status \"%s\".", argv
[i
]);
1346 assert(status
>= 0 && (size_t) status
< ELEMENTSOF(exit_status_mappings
));
1347 r
= table_add_many(table
,
1348 TABLE_STRING
, exit_status_mappings
[status
].name
?: "-",
1350 TABLE_STRING
, exit_status_class(status
) ?: "-");
1352 return table_log_add_error(r
);
1355 pager_open(arg_pager_flags
);
1357 return table_print(table
, NULL
);
1360 static int dump_capabilities(int argc
, char *argv
[], void *userdata
) {
1361 _cleanup_(table_unrefp
) Table
*table
= NULL
;
1365 table
= table_new("name", "number");
1369 (void) table_set_align_percent(table
, table_get_cell(table
, 0, 1), 100);
1371 /* Determine the maximum of the last cap known by the kernel and by us */
1372 last_cap
= MAX((unsigned) CAP_LAST_CAP
, cap_last_cap());
1374 if (strv_isempty(strv_skip(argv
, 1)))
1375 for (unsigned c
= 0; c
<= last_cap
; c
++) {
1376 r
= table_add_many(table
,
1377 TABLE_STRING
, capability_to_name(c
) ?: "cap_???",
1380 return table_log_add_error(r
);
1383 for (int i
= 1; i
< argc
; i
++) {
1386 c
= capability_from_name(argv
[i
]);
1387 if (c
< 0 || (unsigned) c
> last_cap
)
1388 return log_error_errno(SYNTHETIC_ERRNO(EINVAL
), "Capability \"%s\" not known.", argv
[i
]);
1390 r
= table_add_many(table
,
1391 TABLE_STRING
, capability_to_name(c
) ?: "cap_???",
1392 TABLE_UINT
, (unsigned) c
);
1394 return table_log_add_error(r
);
1397 (void) table_set_sort(table
, (size_t) 1);
1400 pager_open(arg_pager_flags
);
1402 return table_print(table
, NULL
);
1405 void time_parsing_hint(const char *p
, bool calendar
, bool timestamp
, bool timespan
) {
1406 if (calendar
&& calendar_spec_from_string(p
, NULL
) >= 0)
1407 log_notice("Hint: this expression is a valid calendar specification. "
1408 "Use 'systemd-analyze calendar \"%s\"' instead?", p
);
1409 if (timestamp
&& parse_timestamp(p
, NULL
) >= 0)
1410 log_notice("Hint: this expression is a valid timestamp. "
1411 "Use 'systemd-analyze timestamp \"%s\"' instead?", p
);
1412 if (timespan
&& parse_time(p
, NULL
, USEC_PER_SEC
) >= 0)
1413 log_notice("Hint: this expression is a valid timespan. "
1414 "Use 'systemd-analyze timespan \"%s\"' instead?", p
);
1417 static int do_condition(int argc
, char *argv
[], void *userdata
) {
1418 return verify_conditions(strv_skip(argv
, 1), arg_scope
, arg_unit
, arg_root
);
1421 static int do_verify(int argc
, char *argv
[], void *userdata
) {
1422 _cleanup_strv_free_
char **filenames
= NULL
;
1423 _cleanup_(rm_rf_physical_and_freep
) char *tempdir
= NULL
;
1426 r
= mkdtemp_malloc("/tmp/systemd-analyze-XXXXXX", &tempdir
);
1428 return log_error_errno(r
, "Failed to setup working directory: %m");
1430 r
= process_aliases(argv
, tempdir
, &filenames
);
1432 return log_error_errno(r
, "Couldn't process aliases: %m");
1434 return verify_units(filenames
, arg_scope
, arg_man
, arg_generators
, arg_recursive_errors
, arg_root
);
1437 static int do_security(int argc
, char *argv
[], void *userdata
) {
1438 _cleanup_(sd_bus_flush_close_unrefp
) sd_bus
*bus
= NULL
;
1439 _cleanup_(json_variant_unrefp
) JsonVariant
*policy
= NULL
;
1441 unsigned line
, column
;
1444 r
= acquire_bus(&bus
, NULL
);
1446 return bus_log_connect_error(r
, arg_transport
);
1449 pager_open(arg_pager_flags
);
1451 if (arg_security_policy
) {
1452 r
= json_parse_file(/*f=*/ NULL
, arg_security_policy
, /*flags=*/ 0, &policy
, &line
, &column
);
1454 return log_error_errno(r
, "Failed to parse '%s' at %u:%u: %m", arg_security_policy
, line
, column
);
1456 _cleanup_fclose_
FILE *f
= NULL
;
1457 _cleanup_free_
char *pp
= NULL
;
1459 r
= search_and_fopen_nulstr("systemd-analyze-security.policy", "re", /*root=*/ NULL
, CONF_PATHS_NULSTR("systemd"), &f
, &pp
);
1460 if (r
< 0 && r
!= -ENOENT
)
1464 r
= json_parse_file(f
, pp
, /*flags=*/ 0, &policy
, &line
, &column
);
1466 return log_error_errno(r
, "[%s:%u:%u] Failed to parse JSON policy: %m", pp
, line
, column
);
1470 return analyze_security(bus
,
1480 arg_json_format_flags
,
1485 static int do_elf_inspection(int argc
, char *argv
[], void *userdata
) {
1486 pager_open(arg_pager_flags
);
1488 return analyze_elf(strv_skip(argv
, 1), arg_json_format_flags
);
1491 static int help(int argc
, char *argv
[], void *userdata
) {
1492 _cleanup_free_
char *link
= NULL
, *dot_link
= NULL
;
1495 pager_open(arg_pager_flags
);
1497 r
= terminal_urlify_man("systemd-analyze", "1", &link
);
1501 /* Not using terminal_urlify_man() for this, since we don't want the "man page" text suffix in this case. */
1502 r
= terminal_urlify("man:dot(1)", "dot(1)", &dot_link
);
1506 printf("%s [OPTIONS...] COMMAND ...\n\n"
1507 "%sProfile systemd, show unit dependencies, check unit files.%s\n"
1509 " [time] Print time required to boot the machine\n"
1510 " blame Print list of running units ordered by\n"
1512 " critical-chain [UNIT...] Print a tree of the time critical chain\n"
1514 " plot Output SVG graphic showing service\n"
1516 " dot [UNIT...] Output dependency graph in %s format\n"
1517 " dump Output state serialization of service\n"
1519 " cat-config Show configuration file and drop-ins\n"
1520 " unit-files List files and symlinks for units\n"
1521 " unit-paths List load directories for units\n"
1522 " exit-status [STATUS...] List exit status definitions\n"
1523 " capability [CAP...] List capability definitions\n"
1524 " syscall-filter [NAME...] List syscalls in seccomp filters\n"
1525 " filesystems [NAME...] List known filesystems\n"
1526 " condition CONDITION... Evaluate conditions and asserts\n"
1527 " verify FILE... Check unit files for correctness\n"
1528 " calendar SPEC... Validate repetitive calendar time\n"
1530 " timestamp TIMESTAMP... Validate a timestamp\n"
1531 " timespan SPAN... Validate a time span\n"
1532 " security [UNIT...] Analyze security of unit\n"
1533 " inspect-elf FILE... Parse and print ELF package metadata\n"
1535 " --recursive-errors=MODE Control which units are verified\n"
1536 " --offline=BOOL Perform a security review on unit file(s)\n"
1537 " --threshold=N Exit with a non-zero status when overall\n"
1538 " exposure level is over threshold value\n"
1539 " --security-policy=PATH Use custom JSON security policy instead\n"
1540 " of built-in one\n"
1541 " --json=pretty|short|off Generate JSON output of the security\n"
1543 " --no-pager Do not pipe output into a pager\n"
1544 " --system Operate on system systemd instance\n"
1545 " --user Operate on user systemd instance\n"
1546 " --global Operate on global user configuration\n"
1547 " -H --host=[USER@]HOST Operate on remote host\n"
1548 " -M --machine=CONTAINER Operate on local container\n"
1549 " --order Show only order in the graph\n"
1550 " --require Show only requirement in the graph\n"
1551 " --from-pattern=GLOB Show only origins in the graph\n"
1552 " --to-pattern=GLOB Show only destinations in the graph\n"
1553 " --fuzz=SECONDS Also print services which finished SECONDS\n"
1554 " earlier than the latest in the branch\n"
1555 " --man[=BOOL] Do [not] check for existence of man pages\n"
1556 " --generators[=BOOL] Do [not] run unit generators\n"
1557 " (requires privileges)\n"
1558 " --iterations=N Show the specified number of iterations\n"
1559 " --base-time=TIMESTAMP Calculate calendar times relative to\n"
1561 " --profile=name|PATH Include the specified profile in the\n"
1562 " security review of the unit(s)\n"
1563 " -h --help Show this help\n"
1564 " --version Show package version\n"
1565 " -q --quiet Do not emit hints\n"
1566 "\nSee the %s for details.\n",
1567 program_invocation_short_name
,
1573 /* When updating this list, including descriptions, apply changes to
1574 * shell-completion/bash/systemd-analyze and shell-completion/zsh/_systemd-analyze too. */
1579 static int parse_argv(int argc
, char *argv
[]) {
1581 ARG_VERSION
= 0x100,
1589 ARG_DOT_FROM_PATTERN
,
1597 ARG_RECURSIVE_ERRORS
,
1600 ARG_SECURITY_POLICY
,
1605 static const struct option options
[] = {
1606 { "help", no_argument
, NULL
, 'h' },
1607 { "version", no_argument
, NULL
, ARG_VERSION
},
1608 { "quiet", no_argument
, NULL
, 'q' },
1609 { "order", no_argument
, NULL
, ARG_ORDER
},
1610 { "require", no_argument
, NULL
, ARG_REQUIRE
},
1611 { "root", required_argument
, NULL
, ARG_ROOT
},
1612 { "image", required_argument
, NULL
, ARG_IMAGE
},
1613 { "recursive-errors", required_argument
, NULL
, ARG_RECURSIVE_ERRORS
},
1614 { "offline", required_argument
, NULL
, ARG_OFFLINE
},
1615 { "threshold", required_argument
, NULL
, ARG_THRESHOLD
},
1616 { "security-policy", required_argument
, NULL
, ARG_SECURITY_POLICY
},
1617 { "system", no_argument
, NULL
, ARG_SYSTEM
},
1618 { "user", no_argument
, NULL
, ARG_USER
},
1619 { "global", no_argument
, NULL
, ARG_GLOBAL
},
1620 { "from-pattern", required_argument
, NULL
, ARG_DOT_FROM_PATTERN
},
1621 { "to-pattern", required_argument
, NULL
, ARG_DOT_TO_PATTERN
},
1622 { "fuzz", required_argument
, NULL
, ARG_FUZZ
},
1623 { "no-pager", no_argument
, NULL
, ARG_NO_PAGER
},
1624 { "man", optional_argument
, NULL
, ARG_MAN
},
1625 { "generators", optional_argument
, NULL
, ARG_GENERATORS
},
1626 { "host", required_argument
, NULL
, 'H' },
1627 { "machine", required_argument
, NULL
, 'M' },
1628 { "iterations", required_argument
, NULL
, ARG_ITERATIONS
},
1629 { "base-time", required_argument
, NULL
, ARG_BASE_TIME
},
1630 { "unit", required_argument
, NULL
, 'U' },
1631 { "json", required_argument
, NULL
, ARG_JSON
},
1632 { "profile", required_argument
, NULL
, ARG_PROFILE
},
1641 while ((c
= getopt_long(argc
, argv
, "hH:M:U:", options
, NULL
)) >= 0)
1645 return help(0, NULL
, NULL
);
1654 case ARG_RECURSIVE_ERRORS
:
1655 if (streq(optarg
, "help")) {
1656 DUMP_STRING_TABLE(recursive_errors
, RecursiveErrors
, _RECURSIVE_ERRORS_MAX
);
1659 r
= recursive_errors_from_string(optarg
);
1661 return log_error_errno(r
, "Unknown mode passed to --recursive-errors='%s'.", optarg
);
1663 arg_recursive_errors
= r
;
1667 r
= parse_path_argument(optarg
, /* suppress_root= */ true, &arg_root
);
1673 r
= parse_path_argument(optarg
, /* suppress_root= */ false, &arg_image
);
1679 arg_scope
= UNIT_FILE_SYSTEM
;
1683 arg_scope
= UNIT_FILE_USER
;
1687 arg_scope
= UNIT_FILE_GLOBAL
;
1691 arg_dot
= DEP_ORDER
;
1695 arg_dot
= DEP_REQUIRE
;
1698 case ARG_DOT_FROM_PATTERN
:
1699 if (strv_extend(&arg_dot_from_patterns
, optarg
) < 0)
1704 case ARG_DOT_TO_PATTERN
:
1705 if (strv_extend(&arg_dot_to_patterns
, optarg
) < 0)
1711 r
= parse_sec(optarg
, &arg_fuzz
);
1717 arg_pager_flags
|= PAGER_DISABLE
;
1721 arg_transport
= BUS_TRANSPORT_REMOTE
;
1726 arg_transport
= BUS_TRANSPORT_MACHINE
;
1731 r
= parse_boolean_argument("--man", optarg
, &arg_man
);
1736 case ARG_GENERATORS
:
1737 r
= parse_boolean_argument("--generators", optarg
, &arg_generators
);
1743 r
= parse_boolean_argument("--offline", optarg
, &arg_offline
);
1749 r
= safe_atou(optarg
, &arg_threshold
);
1750 if (r
< 0 || arg_threshold
> 100)
1751 return log_error_errno(r
< 0 ? r
: SYNTHETIC_ERRNO(EINVAL
), "Failed to parse threshold: %s", optarg
);
1755 case ARG_SECURITY_POLICY
:
1756 r
= parse_path_argument(optarg
, /* suppress_root= */ false, &arg_security_policy
);
1762 r
= parse_json_argument(optarg
, &arg_json_format_flags
);
1767 case ARG_ITERATIONS
:
1768 r
= safe_atou(optarg
, &arg_iterations
);
1770 return log_error_errno(r
, "Failed to parse iterations: %s", optarg
);
1775 r
= parse_timestamp(optarg
, &arg_base_time
);
1777 return log_error_errno(r
, "Failed to parse --base-time= parameter: %s", optarg
);
1782 if (isempty(optarg
))
1783 return log_error_errno(SYNTHETIC_ERRNO(EINVAL
), "Profile file name is empty");
1785 if (is_path(optarg
)) {
1786 r
= parse_path_argument(optarg
, /* suppress_root= */ false, &arg_profile
);
1789 if (!endswith(arg_profile
, ".conf"))
1790 return log_error_errno(SYNTHETIC_ERRNO(EINVAL
), "Profile file name must end with .conf: %s", arg_profile
);
1792 r
= free_and_strdup(&arg_profile
, optarg
);
1800 _cleanup_free_
char *mangled
= NULL
;
1802 r
= unit_name_mangle(optarg
, UNIT_NAME_MANGLE_WARN
, &mangled
);
1804 return log_error_errno(r
, "Failed to mangle unit name %s: %m", optarg
);
1806 free_and_replace(arg_unit
, mangled
);
1813 assert_not_reached();
1816 if (arg_offline
&& !streq_ptr(argv
[optind
], "security"))
1817 return log_error_errno(SYNTHETIC_ERRNO(EINVAL
),
1818 "Option --offline= is only supported for security right now.");
1820 if (arg_json_format_flags
!= JSON_FORMAT_OFF
&& !STRPTR_IN_SET(argv
[optind
], "security", "inspect-elf"))
1821 return log_error_errno(SYNTHETIC_ERRNO(EINVAL
),
1822 "Option --json= is only supported for security and inspect-elf right now.");
1824 if (arg_threshold
!= 100 && !streq_ptr(argv
[optind
], "security"))
1825 return log_error_errno(SYNTHETIC_ERRNO(EINVAL
),
1826 "Option --threshold= is only supported for security right now.");
1828 if (arg_scope
== UNIT_FILE_GLOBAL
&&
1829 !STR_IN_SET(argv
[optind
] ?: "time", "dot", "unit-paths", "verify"))
1830 return log_error_errno(SYNTHETIC_ERRNO(EINVAL
),
1831 "Option --global only makes sense with verbs dot, unit-paths, verify.");
1833 if (streq_ptr(argv
[optind
], "cat-config") && arg_scope
== UNIT_FILE_USER
)
1834 return log_error_errno(SYNTHETIC_ERRNO(EINVAL
),
1835 "Option --user is not supported for cat-config right now.");
1837 if (arg_security_policy
&& !streq_ptr(argv
[optind
], "security"))
1838 return log_error_errno(SYNTHETIC_ERRNO(EINVAL
),
1839 "Option --security-policy= is only supported for security.");
1841 if ((arg_root
|| arg_image
) && (!STRPTR_IN_SET(argv
[optind
], "cat-config", "verify", "condition")) &&
1842 (!(streq_ptr(argv
[optind
], "security") && arg_offline
)))
1843 return log_error_errno(SYNTHETIC_ERRNO(EINVAL
),
1844 "Options --root= and --image= are only supported for cat-config, verify, condition and security when used with --offline= right now.");
1846 /* Having both an image and a root is not supported by the code */
1847 if (arg_root
&& arg_image
)
1848 return log_error_errno(SYNTHETIC_ERRNO(EINVAL
), "Please specify either --root= or --image=, the combination of both is not supported.");
1850 if (arg_unit
&& !streq_ptr(argv
[optind
], "condition"))
1851 return log_error_errno(SYNTHETIC_ERRNO(EINVAL
), "Option --unit= is only supported for condition");
1853 if (streq_ptr(argv
[optind
], "condition") && !arg_unit
&& optind
>= argc
- 1)
1854 return log_error_errno(SYNTHETIC_ERRNO(EINVAL
), "Too few arguments for condition");
1856 if (streq_ptr(argv
[optind
], "condition") && arg_unit
&& optind
< argc
- 1)
1857 return log_error_errno(SYNTHETIC_ERRNO(EINVAL
), "No conditions can be passed if --unit= is used.");
1859 return 1; /* work to do */
1862 static int run(int argc
, char *argv
[]) {
1863 _cleanup_(loop_device_unrefp
) LoopDevice
*loop_device
= NULL
;
1864 _cleanup_(decrypted_image_unrefp
) DecryptedImage
*decrypted_image
= NULL
;
1865 _cleanup_(umount_and_rmdir_and_freep
) char *unlink_dir
= NULL
;
1867 static const Verb verbs
[] = {
1868 { "help", VERB_ANY
, VERB_ANY
, 0, help
},
1869 { "time", VERB_ANY
, 1, VERB_DEFAULT
, analyze_time
},
1870 { "blame", VERB_ANY
, 1, 0, analyze_blame
},
1871 { "critical-chain", VERB_ANY
, VERB_ANY
, 0, analyze_critical_chain
},
1872 { "plot", VERB_ANY
, 1, 0, analyze_plot
},
1873 { "dot", VERB_ANY
, VERB_ANY
, 0, dot
},
1874 /* ↓ The following seven verbs are deprecated, from here … ↓ */
1875 { "log-level", VERB_ANY
, 2, 0, verb_log_control
},
1876 { "log-target", VERB_ANY
, 2, 0, verb_log_control
},
1877 { "set-log-level", 2, 2, 0, verb_log_control
},
1878 { "get-log-level", VERB_ANY
, 1, 0, verb_log_control
},
1879 { "set-log-target", 2, 2, 0, verb_log_control
},
1880 { "get-log-target", VERB_ANY
, 1, 0, verb_log_control
},
1881 { "service-watchdogs", VERB_ANY
, 2, 0, service_watchdogs
},
1882 /* ↑ … until here ↑ */
1883 { "dump", VERB_ANY
, 1, 0, dump
},
1884 { "cat-config", 2, VERB_ANY
, 0, cat_config
},
1885 { "unit-files", VERB_ANY
, VERB_ANY
, 0, do_unit_files
},
1886 { "unit-paths", 1, 1, 0, dump_unit_paths
},
1887 { "exit-status", VERB_ANY
, VERB_ANY
, 0, dump_exit_status
},
1888 { "syscall-filter", VERB_ANY
, VERB_ANY
, 0, dump_syscall_filters
},
1889 { "capability", VERB_ANY
, VERB_ANY
, 0, dump_capabilities
},
1890 { "filesystems", VERB_ANY
, VERB_ANY
, 0, dump_filesystems
},
1891 { "condition", VERB_ANY
, VERB_ANY
, 0, do_condition
},
1892 { "verify", 2, VERB_ANY
, 0, do_verify
},
1893 { "calendar", 2, VERB_ANY
, 0, test_calendar
},
1894 { "timestamp", 2, VERB_ANY
, 0, test_timestamp
},
1895 { "timespan", 2, VERB_ANY
, 0, dump_timespan
},
1896 { "security", VERB_ANY
, VERB_ANY
, 0, do_security
},
1897 { "inspect-elf", 2, VERB_ANY
, 0, do_elf_inspection
},
1903 setlocale(LC_ALL
, "");
1904 setlocale(LC_NUMERIC
, "C"); /* we want to format/parse floats in C style */
1908 r
= parse_argv(argc
, argv
);
1912 /* Open up and mount the image */
1916 r
= mount_image_privately_interactively(
1918 DISSECT_IMAGE_GENERIC_ROOT
|
1919 DISSECT_IMAGE_RELAX_VAR_CHECK
|
1920 DISSECT_IMAGE_READ_ONLY
,
1927 arg_root
= strdup(unlink_dir
);
1932 return dispatch_verb(argc
, argv
, verbs
, NULL
);
1935 DEFINE_MAIN_FUNCTION(run
);