let's move the verb entry point too, like for the other verbs now.
#include <sys/utsname.h>
#include "af-list.h"
+#include "analyze.h"
#include "analyze-security.h"
#include "analyze-verify.h"
#include "bus-error.h"
#include "bus-util.h"
#include "copy.h"
#include "env-util.h"
+#include "fd-util.h"
+#include "fileio.h"
#include "format-table.h"
#include "in-addr-prefix-util.h"
#include "locale-util.h"
return r;
}
-int analyze_security(sd_bus *bus,
+static int analyze_security(sd_bus *bus,
char **units,
JsonVariant *policy,
UnitFileScope scope,
}
return ret;
}
+
+int do_security(int argc, char *argv[], void *userdata) {
+ _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
+ _cleanup_(json_variant_unrefp) JsonVariant *policy = NULL;
+ int r;
+ unsigned line, column;
+
+ if (!arg_offline) {
+ r = acquire_bus(&bus, NULL);
+ if (r < 0)
+ return bus_log_connect_error(r, arg_transport);
+ }
+
+ pager_open(arg_pager_flags);
+
+ if (arg_security_policy) {
+ r = json_parse_file(/*f=*/ NULL, arg_security_policy, /*flags=*/ 0, &policy, &line, &column);
+ if (r < 0)
+ return log_error_errno(r, "Failed to parse '%s' at %u:%u: %m", arg_security_policy, line, column);
+ } else {
+ _cleanup_fclose_ FILE *f = NULL;
+ _cleanup_free_ char *pp = NULL;
+
+ r = search_and_fopen_nulstr("systemd-analyze-security.policy", "re", /*root=*/ NULL, CONF_PATHS_NULSTR("systemd"), &f, &pp);
+ if (r < 0 && r != -ENOENT)
+ return r;
+
+ if (f) {
+ r = json_parse_file(f, pp, /*flags=*/ 0, &policy, &line, &column);
+ if (r < 0)
+ return log_error_errno(r, "[%s:%u:%u] Failed to parse JSON policy: %m", pp, line, column);
+ }
+ }
+
+ return analyze_security(bus,
+ strv_skip(argv, 1),
+ policy,
+ arg_scope,
+ arg_man,
+ arg_generators,
+ arg_offline,
+ arg_threshold,
+ arg_root,
+ arg_profile,
+ arg_json_format_flags,
+ arg_pager_flags,
+ /*flags=*/ 0);
+}
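Review bot: `line` and `column` are declared without initializers in do_security, yet both `log_error_errno` calls print them whenever `json_parse_file` fails. json_parse_file is not visible here, but if it can return before writing them (for example when the file named by `arg_security_policy` cannot be read), the message prints indeterminate values; `unsigned line = 0, column = 0;` avoids that. Separately, the `return r;` after `search_and_fopen_nulstr` exits without logging on any failure other than -ENOENT, so the user gets no message when the default policy cannot be opened. Something like `return log_error_errno(r, "Failed to open security policy file: %m");` would match the other error paths.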
/* SPDX-License-Identifier: LGPL-2.1-or-later */
#pragma once
-#include <stdbool.h>
-
-#include "sd-bus.h"
-
-#include "json.h"
-#include "pager.h"
-#include "unit-file.h"
-
typedef enum AnalyzeSecurityFlags {
ANALYZE_SECURITY_SHORT = 1 << 0,
ANALYZE_SECURITY_ONLY_LOADED = 1 << 1,
ANALYZE_SECURITY_ONLY_LONG_RUNNING = 1 << 2,
} AnalyzeSecurityFlags;
-int analyze_security(sd_bus *bus,
- char **units,
- JsonVariant *policy,
- UnitFileScope scope,
- bool check_man,
- bool run_generators,
- bool offline,
- unsigned threshold,
- const char *root,
- const char *profile,
- JsonFormatFlags json_format_flags,
- PagerFlags pager_flags,
- AnalyzeSecurityFlags flags);
+int do_security(int argc, char *argv[], void *userdata);
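Review bot: `AnalyzeSecurityFlags` is still exported from this header although `analyze_security()`, the only visible function that takes it, is now static in analyze-security.c and do_security passes `/*flags=*/ 0`. If no other translation unit uses the enum (not visible here), it could move into the .c file next to analyze_security so the header exposes only `do_security`. If it has to stay, a short comment above the typedef naming the remaining user would explain why it is public.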
const char *arg_host = NULL;
UnitFileScope arg_scope = UNIT_FILE_SYSTEM;
static RecursiveErrors arg_recursive_errors = RECURSIVE_ERRORS_YES;
-static bool arg_man = true;
-static bool arg_generators = false;
+bool arg_man = true;
+bool arg_generators = false;
char *arg_root = NULL;
static char *arg_image = NULL;
-static char *arg_security_policy = NULL;
-static bool arg_offline = false;
-static unsigned arg_threshold = 100;
+char *arg_security_policy = NULL;
+bool arg_offline = false;
+unsigned arg_threshold = 100;
unsigned arg_iterations = 1;
usec_t arg_base_time = USEC_INFINITY;
static char *arg_unit = NULL;
-static JsonFormatFlags arg_json_format_flags = JSON_FORMAT_OFF;
+JsonFormatFlags arg_json_format_flags = JSON_FORMAT_OFF;
bool arg_quiet = false;
-static char *arg_profile = NULL;
+char *arg_profile = NULL;
STATIC_DESTRUCTOR_REGISTER(arg_dot_from_patterns, strv_freep);
STATIC_DESTRUCTOR_REGISTER(arg_dot_to_patterns, strv_freep);
return verify_units(filenames, arg_scope, arg_man, arg_generators, arg_recursive_errors, arg_root);
}
-static int do_security(int argc, char *argv[], void *userdata) {
- _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
- _cleanup_(json_variant_unrefp) JsonVariant *policy = NULL;
- int r;
- unsigned line, column;
-
- if (!arg_offline) {
- r = acquire_bus(&bus, NULL);
- if (r < 0)
- return bus_log_connect_error(r, arg_transport);
- }
-
- pager_open(arg_pager_flags);
-
- if (arg_security_policy) {
- r = json_parse_file(/*f=*/ NULL, arg_security_policy, /*flags=*/ 0, &policy, &line, &column);
- if (r < 0)
- return log_error_errno(r, "Failed to parse '%s' at %u:%u: %m", arg_security_policy, line, column);
- } else {
- _cleanup_fclose_ FILE *f = NULL;
- _cleanup_free_ char *pp = NULL;
-
- r = search_and_fopen_nulstr("systemd-analyze-security.policy", "re", /*root=*/ NULL, CONF_PATHS_NULSTR("systemd"), &f, &pp);
- if (r < 0 && r != -ENOENT)
- return r;
-
- if (f) {
- r = json_parse_file(f, pp, /*flags=*/ 0, &policy, &line, &column);
- if (r < 0)
- return log_error_errno(r, "[%s:%u:%u] Failed to parse JSON policy: %m", pp, line, column);
- }
- }
-
- return analyze_security(bus,
- strv_skip(argv, 1),
- policy,
- arg_scope,
- arg_man,
- arg_generators,
- arg_offline,
- arg_threshold,
- arg_root,
- arg_profile,
- arg_json_format_flags,
- arg_pager_flags,
- /*flags=*/ 0);
-}
-
static int do_elf_inspection(int argc, char *argv[], void *userdata) {
pager_open(arg_pager_flags);
#include <stdbool.h>
#include "bus-util.h"
+#include "json.h"
#include "pager.h"
#include "time-util.h"
#include "unit-file.h"
extern BusTransport arg_transport;
extern const char *arg_host;
extern UnitFileScope arg_scope;
+extern bool arg_man;
+extern bool arg_generators;
extern char *arg_root;
+extern char *arg_security_policy;
+extern bool arg_offline;
+extern unsigned arg_threshold;
extern unsigned arg_iterations;
extern usec_t arg_base_time;
+extern JsonFormatFlags arg_json_format_flags;
extern bool arg_quiet;
+extern char *arg_profile;
int acquire_bus(sd_bus **bus, bool *use_full_bus);