From: Luca Boccassi Date: Thu, 4 Nov 2021 19:47:29 +0000 (+0000) Subject: analyze: explain how the weight/range policy fields are used X-Git-Tag: v250-rc1~341^2~1 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=03e93377dc47a5dabb4c4b968b241ecf03f72315;p=thirdparty%2Fsystemd.git analyze: explain how the weight/range policy fields are used --- diff --git a/man/systemd-analyze.xml b/man/systemd-analyze.xml index 87e15369862..d3dfa9e5261 100644 --- a/man/systemd-analyze.xml +++ b/man/systemd-analyze.xml @@ -1075,9 +1075,13 @@ Service b@0.service not loaded, b.socket cannot be started. corresponding to a specific id of the unit file is missing from the JSON object, the default built-in field value corresponding to that same id is used for security analysis as default. The weight and range fields are used in determining the overall exposure level - of the unit files so by allowing users to manipulate these fields, 'security' gives them - the option to decide for themself which ids are more important and hence, should have a greater - effect on the exposure level. + of the unit files: the value of each setting is assigned a badness score, which is multiplied + by the policy weight and divided by the policy range to determine the overall exposure that + the setting implies. The computed badness is summed across all settings in the unit file, + normalized to the 1…100 range, and used to determine the overall exposure level of the unit. + By allowing users to manipulate these fields, the 'security' verb gives them the option to + decide for themself which ids are more important and hence should have a greater effect on + the exposure level. {