From: Antonio Alvarez Feijoo Date: Thu, 11 Jan 2024 10:00:37 +0000 (+0100) Subject: analyze: clarify that `security --offline=true` requires an argument X-Git-Tag: v256-rc1~1191 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5e16328506e1ec33a33162fc64e762152359efdd;p=thirdparty%2Fsystemd.git analyze: clarify that `security --offline=true` requires an argument Without `--root` or `--image`, the `security` command inspects all currently loaded service units if no unit name is specified. But with `--root` or `--image` with `--offline=true`, the `security` command exits silently if no unit name is specified. Also, fixed description of `--root` and `--image` in the man page, and added missing `--unit` option to help text. --- diff --git a/man/systemd-analyze.xml b/man/systemd-analyze.xml index 0b5e8ba974f..db14038bfbc 100644 --- a/man/systemd-analyze.xml +++ b/man/systemd-analyze.xml @@ -1107,8 +1107,10 @@ x86-64 native - With cat-files and verify, - operate on files underneath the specified root path PATH. + With cat-config, verify, + condition and security when used with + , operate on files underneath the specified root path + PATH. @@ -1116,8 +1118,10 @@ x86-64 native - With cat-files and verify, - operate on files inside the specified image path PATH. + With cat-config, verify, + condition and security when used with + , operate on files inside the specified image path + PATH. diff --git a/src/analyze/analyze.c b/src/analyze/analyze.c index 14458260c6a..49b4c3b8cc1 100644 --- a/src/analyze/analyze.c +++ b/src/analyze/analyze.c @@ -272,6 +272,7 @@ static int help(int argc, char *argv[], void *userdata) { " specified time\n" " --profile=name|PATH Include the specified profile in the\n" " security review of the unit(s)\n" + " --unit=UNIT Evaluate conditions and asserts of unit\n" " --table Output plot's raw time data as a table\n" " -h --help Show this help\n" " --version Show package version\n" @@ -559,6 +560,10 @@ static int parse_argv(int argc, char *argv[]) { return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Option --offline= is only supported for security right now."); + if (arg_offline && optind >= argc - 1) + return log_error_errno(SYNTHETIC_ERRNO(EINVAL), + "Option --offline= requires one or more units to perform a security review."); + if (arg_json_format_flags != JSON_FORMAT_OFF && !STRPTR_IN_SET(argv[optind], "security", "inspect-elf", "plot", "fdstore", "pcrs", "architectures", "capability", "exit-status")) return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Option --json= is only supported for security, inspect-elf, plot, fdstore, pcrs, architectures, capability, exit-status right now.");