From abf0ccc1c6fb81fdcb801566695600a518a28b43 Mon Sep 17 00:00:00 2001
From: Yu Watanabe
Date: Wed, 20 Dec 2023 23:20:01 +0900
Subject: [PATCH] analyze-verify: verify all executables ExecStart= and friends for .service and .socket can be specified multiple times. This also checks all commands for .mount and .swap, not only for the current control command.
---
 src/analyze/analyze-verify-util.c | 18 +++++++++++-------
 test/units/testsuite-65.sh | 11 +++++++++++
 2 files changed, 22 insertions(+), 7 deletions(-)
diff --git a/src/analyze/analyze-verify-util.c b/src/analyze/analyze-verify-util.c
index 0202db77135..bc61ebe2b17 100644
--- a/src/analyze/analyze-verify-util.c
+++ b/src/analyze/analyze-verify-util.c
@@ -201,19 +201,23 @@ static int verify_executables(Unit *u, const char *root) {
 assert(u);
- ExecCommand *exec =
- u->type == UNIT_SOCKET ? SOCKET(u)->control_command :
- u->type == UNIT_MOUNT ? MOUNT(u)->control_command :
- u->type == UNIT_SWAP ? SWAP(u)->control_command : NULL;
- RET_GATHER(r, verify_executable(u, exec, root));
+ if (u->type == UNIT_MOUNT)
+ FOREACH_ARRAY(i, MOUNT(u)->exec_command, ELEMENTSOF(MOUNT(u)->exec_command))
+ RET_GATHER(r, verify_executable(u, i, root));
 if (u->type == UNIT_SERVICE)
 FOREACH_ARRAY(i, SERVICE(u)->exec_command, ELEMENTSOF(SERVICE(u)->exec_command))
- RET_GATHER(r, verify_executable(u, *i, root));
+ LIST_FOREACH(command, j, *i)
+ RET_GATHER(r, verify_executable(u, j, root));
 if (u->type == UNIT_SOCKET)
 FOREACH_ARRAY(i, SOCKET(u)->exec_command, ELEMENTSOF(SOCKET(u)->exec_command))
- RET_GATHER(r, verify_executable(u, *i, root));
+ LIST_FOREACH(command, j, *i)
+ RET_GATHER(r, verify_executable(u, j, root));
+
+ if (u->type == UNIT_SWAP)
+ FOREACH_ARRAY(i, SWAP(u)->exec_command, ELEMENTSOF(SWAP(u)->exec_command))
+ RET_GATHER(r, verify_executable(u, i, root));
 return r;
 }
diff --git a/test/units/testsuite-65.sh b/test/units/testsuite-65.sh
index 4c92683ce01..078bc8b5f53 100755
--- a/test/units/testsuite-65.sh
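Review bot: In the new UNIT_MOUNT and UNIT_SWAP loops, `i` is handed to `verify_executable()` directly rather than as `*i`, which suggests these arrays hold `ExecCommand` structs by value, so every slot is visited whether or not a command was ever filled in. The removed code passed a possibly-NULL `control_command`, so any NULL-pointer guard inside `verify_executable()` (not visible in this hunk) would not cover a non-NULL entry whose path is still unset. If that callee uses `exec->path` unconditionally, running `systemd-analyze verify` on a .mount or .swap unit could end up dereferencing or logging a NULL path. Consider skipping unpopulated slots, e.g. `if (i->path) RET_GATHER(r, verify_executable(u, i, root));`, or adding a comment stating why the slots are always populated at this point. The function's first lines lie outside the hunk, so the declaration of `r` is assumed rather than seen.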
+++ b/test/units/testsuite-65.sh
@@ -337,6 +337,17 @@ systemd-analyze verify /tmp/hoge@test.service
 (! systemd-analyze verify /tmp/hoge@nonexist.service)
 (! systemd-analyze verify /tmp/hoge@.service)
+# test that all commands are verified.
+cat </tmp/multi-exec-start.service
+[Service]
+Type=oneshot
+ExecStart=true
+ExecStart=ls
+EOF
+systemd-analyze verify /tmp/multi-exec-start.service
+echo 'ExecStart=command-should-not-exist' >>/tmp/multi-exec-start.service
+(! systemd-analyze verify /tmp/multi-exec-start.service)
+
 # Added an additional "INVALID_ID" id to the .json to verify that nothing breaks when input is malformed
 # The PrivateNetwork id description and weight was changed to verify that 'security' is actually reading in
 # values from the .json file when required. The default weight for "PrivateNetwork" is 2500, and the new weight
--
2.47.3
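Review bot: The added test exercises only the .service path with repeated `ExecStart=` lines, while the same commit also changes how .socket, .mount and .swap commands are walked, so a regression in those branches would pass unnoticed here. A positive check that a minimal .mount or .swap unit still passes `systemd-analyze verify` would cover the newly added loops. As far as this hunk shows, the unit file written under /tmp is also left behind; adding `rm -f /tmp/multi-exec-start.service` after the last assertion would keep it from leaking into later checks.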