path: root/src/analyze
Commit message | Author | Age | Files | Lines
* image-policy: introduce parse_image_policy_argument() helper | Yu Watanabe | 2023-04-13 | 1 | -14/+8
|   Addresses https://github.com/systemd/systemd/pull/25608/commits/84be0c710d9d562f6d2cf986cc2a8ff4c98a138b#r1060130312, https://github.com/systemd/systemd/pull/25608/commits/84be0c710d9d562f6d2cf986cc2a8ff4c98a138b#r1067927293, and https://github.com/systemd/systemd/pull/25608/commits/84be0c710d9d562f6d2cf986cc2a8ff4c98a138b#r1067926416.
|
|   Follow-up for 84be0c710d9d562f6d2cf986cc2a8ff4c98a138b.
* Merge pull request #25608 from poettering/dissect-moar | Lennart Poettering | 2023-04-12 | 5 | -0/+179
|\
| |   dissect: add dissection policies
| * sysext: default to a stricter image policy when reading /.extra/sysext/ DDIs | Lennart Poettering | 2023-04-05 | 1 | -0/+2
| |
| * analyze: add 'image-policy' tool for analyzing image dissection policies | Lennart Poettering | 2023-04-05 | 4 | -0/+158
| |
| * tree-wide: hook up image dissection policy logic everywhere | Lennart Poettering | 2023-04-05 | 2 | -0/+19
| |
* | analyze: make blame command work even the default target not reached | Yu Watanabe | 2023-04-10 | 5 | -25/+36
|/
* analyze: add new fdstore verb | Lennart Poettering | 2023-03-29 | 4 | -3/+122
|
* analyze: don't claim "@known" was an unlisted syscall | Lennart Poettering | 2023-03-24 | 1 | -6/+27
|   It's a syscall group of our own definition, and the output is erroneous to claim otherwise. Let's hide it.
|
|   This adds syscall_set_add() which is nicely symmetric to the existing syscall_set_remove().
|
|   Follow-up for: 6d6a08547c03f96dc798cda1ef4a8d3013d292d5
* copy: Move chattr arguments to full function signatures | Daan De Meyer | 2023-03-21 | 2 | -2/+2
|   These are almost never used, so let's move them to the _full() functions signatures.
* tree-wide: simplify x ? x : y to x ?: y where applicable | Frantisek Sumsal | 2023-03-18 | 1 | -1/+1
|
* basic: add RuntimeScope enum | Lennart Poettering | 2023-03-10 | 11 | -47/+55
|   In various tools and services we have a per-system and per-user concept. So far we sometimes used a boolean indicating whether we are in system mode, or a reversed boolean indicating whether we are in user mode, or the LookupScope enum used by the lookup path logic.
|
|   Let's address that, and introduce a common enum for this, we can use all across the board.
|
|   This is mostly just search/replace, no actual code changes.
* analyze: add 'malloc' verb to dump malloc_info() | Luca Boccassi | 2023-02-23 | 6 | -15/+91
|   Gets the memory state of the manager:
|
|   root@image:~# systemd-analyze malloc
|   <malloc version=1>
|   <heap nr=0>
|   <sizes>
|   <size from=33 to=33 total=396 count=12/>
|   <unsorted from=20385 to=20385 total=20385 count=1/>
|   </sizes>
|   <total type=fast count=0 size=0/>
|   <total type=rest count=14 size=36589/>
|   <system type=current size=1691648/>
|   <system type=max size=1839104/>
|   <aspace type=total size=1691648/>
|   <aspace type=mprotect size=1691648/>
|   </heap>
|   <total type=fast count=0 size=0/>
|   <total type=rest count=14 size=36589/>
|   <total type=mmap count=0 size=0/>
|   <system type=current size=1691648/>
|   <system type=max size=1839104/>
|   <aspace type=total size=1691648/>
|   <aspace type=mprotect size=1691648/>
|   </malloc>
* meson: Use dicts for test definitions | Jan Janssen | 2023-02-21 | 1 | -7/+7
|   Although this is slightly more verbose it makes it much easier to reason about. The code that produces the tests heavily benefits from this.
|
|   Test lists are also now sorted by test name.
* dissect-image: Return mount point fd if requested | Daan De Meyer | 2023-02-17 | 1 | -0/+1
|
* meson: Do not include headers in source lists | Jan Janssen | 2023-01-24 | 1 | -26/+2
|   Meson+ninja+compiler do this for us and are better at it.
|
|   https://mesonbuild.com/FAQ.html#do-i-need-to-add-my-headers-to-the-sources-list-like-in-autotools
* tree-wide: unify how we pick OS pretty name to display | Lennart Poettering | 2023-01-24 | 1 | -1/+2
|
* systemd-analyze: Add table and JSON output implementation to plot | Joshua Zivkovic | 2023-01-18 | 3 | -52/+154
|
* analyze: basename() → path_extract_filename() | Lennart Poettering | 2022-12-23 | 1 | -6/+6
|
* tree-wide: use -EBADF for fd initialization | Zbigniew Jędrzejewski-Szmek | 2022-12-19 | 1 | -1/+1
|   -1 was used everywhere, but -EBADF or -EBADFD started being used in various places. Let's make things consistent in the new style.
|
|   Note that there are two candidates:
|   EBADF 9 Bad file descriptor
|   EBADFD 77 File descriptor in bad state
|
|   Since we're initializing the fd, we're just assigning a value that means "no fd yet", so it's just a bad file descriptor, and the first errno fits better. If instead we had a valid file descriptor that became invalid because of some operation or state change, the other errno would fit better.
|
|   In some places, initialization is dropped if unnecessary.
* localectl,analyze: some minor vertical table rework fixes | Lennart Poettering | 2022-11-16 | 1 | -4/+0
|   Follow-up for #25339
* analyze-inspect-elf: port to vertical table | David Tardon | 2022-11-13 | 1 | -19/+5
|
* analyze-timespan: port to vertical table | David Tardon | 2022-11-13 | 1 | -10/+4
|
* analyze-timestamp: port to vertical table | David Tardon | 2022-11-13 | 1 | -12/+6
|
* analyze-calendar: port to vertical table | David Tardon | 2022-11-13 | 1 | -14/+8
|
* analyze-calendar: avoid unnecessary abbreviation | David Tardon | 2022-11-13 | 1 | -1/+1
|
* nulstr-util: Declare NULSTR_FOREACH() iterator inline | Daan De Meyer | 2022-11-11 | 4 | -13/+0
|
* Rename def.h to constants.h | Zbigniew Jędrzejewski-Szmek | 2022-11-08 | 2 | -2/+2
|   The name "def.h" originates from before the rule of "no needless abbreviations" was established. Let's rename the file to clarify that it contains a collection of various semi-related constants.
* basic: move version() to build.h+c | Zbigniew Jędrzejewski-Szmek | 2022-11-08 | 1 | -1/+1
|
* analyze: add --image= + --root= to --help text | Lennart Poettering | 2022-10-25 | 1 | -0/+2
|
* analyze: use DumpUnitsMatchingPatternsByFileDescriptor | Zbigniew Jędrzejewski-Szmek | 2022-10-18 | 1 | -41/+90
|   Similarly to DumpByFileDescriptor vs Dump, DumpUnitsMatchingPatternsByFileDescriptor is used in preference. Dissimilarly, a fallback to DumpUnitsMatchingPatterns is not done on error, because there is no need for backwards compatibility.
|
|   The code is still more verbose than I'd like, but there are four different code paths with slightly different rules in each case, so it's hard to make this all very brief. Since we have a separate file dedicated to making those calls, the verbose-but-easy-to-follow implementation should be OK.
|
|   Closes #24989.
|
|   I only did a quick test that all both variants works locally and over ssh.
* manager: rename dbus method | Zbigniew Jędrzejewski-Szmek | 2022-10-14 | 1 | -2/+2
|   Fixes #24989.
* analyze: extend the dump command to accept patterns | Franck Bui | 2022-10-13 | 2 | -2/+45
|   The new function DumpPatterns() can be used to limit (drastically) the size of the data returned by PID1. Hence the optimization of serializing data into a file descriptor should be less relevant than having the possibility to limit the data when communicating with the service manager remotely.
|
|   NB: when passing patterns, the dump command omits the version of the manager as well as the features and the timestamps.
* analyze: add forgotten return statement | Zbigniew Jędrzejewski-Szmek | 2022-10-11 | 1 | -1/+1
|   We would fail with an assert in sd_bus_message_enter_container() afterwards.
* tree-wide: get rid of lgtm annotations | Zbigniew Jędrzejewski-Szmek | 2022-10-11 | 1 | -3/+3
|   We now use CodeQL, and LGTM itself is gone. Those old annotations are not useful for anything now.
* analyze: use the same error variable name as everywhere else | Zbigniew Jędrzejewski-Szmek | 2022-10-11 | 1 | -3/+3
|
* tree-wide: drop unused reference to DecryptedImage | Yu Watanabe | 2022-09-18 | 1 | -3/+1
|
* tree-wide: use ASSERT_PTR more | David Tardon | 2022-09-13 | 3 | -13/+6
|
* compare: support textual operators, and port analyze over to it | Lennart Poettering | 2022-09-01 | 1 | -16/+11
|
* tree-wide: port things dirname_malloc() → path_extract_directory() | Lennart Poettering | 2022-08-23 | 1 | -10/+17
|
* analyze: Migrate to bus-locator.h | Richard Phibel | 2022-08-04 | 1 | -4/+3
|   Migrated analyze-security to use new API bus_call_method instead of sd_bus_call_method.
* analyze-security: always save syscall name | Yu Watanabe | 2022-06-17 | 1 | -17/+22
|   This reverts dd51e725df9aec2847482131ef601e0215b371a0 and fixes bugs introduced by 1624114d74f55ad9791b7624b08d89d2339a68b3.
|
|   Previously,
|   - On online scan, the syscall filter was a string Hashmap, but it might contain syscall name with errno or error action. Hence, we need to drop the errno or error action in the string.
|   - On offline scan, the syscall filter was a Hashmap of syscall ID, so hashmap_contains() with syscall name did not work. We need to convert syscall IDs to syscall names.
|   - If hashmap_contains() in syscall_names_in_filter() is true, then the syscall is allowed when the list is an allow-list, and vice versa. Hence, the condition in syscall_names_in_filter() was erroneously inverted by dd51e725df9aec2847482131ef601e0215b371a0.
|
|   This makes syscalls are always stored with its name, instead of ID, and also correct the condition.
|
|   Fixes #23663.
* analyze: use IN_SET() in one more place | Frantisek Sumsal | 2022-05-30 | 1 | -1/+1
|
* basic: add helper function to print </==/> | Zbigniew Jędrzejewski-Szmek | 2022-05-25 | 1 | -1/+1
|
* analyze: use '' instead of the empty string when showing versions | Zbigniew Jędrzejewski-Szmek | 2022-05-25 | 1 | -2/+2
|   It looks like garbled output… I didn't use shell-escape, because the other characters that are special for the shell that are used in versions should not be escaped.
* analyze: add compare-versions | Zbigniew Jędrzejewski-Szmek | 2022-05-19 | 4 | -0/+56
|   The interface, output, and exit status convention are all taken directly from rpmdev-vercmp and dpkg --compare-versions. The implementation is different though. See test-string-util for a list of known cases where we compare strings incompatibly.
|
|   The idea is that this string comparison function will be declared as "the" method to use for boot entry ordering in the specification and similar uses. Thus it's nice to allow users to compare strings.
* analyze: allow verbs to return positive failure | Zbigniew Jędrzejewski-Szmek | 2022-05-19 | 18 | -28/+58
|   No functional change is intended. The verbs where it wasn't immediately clear if the success exit status is 0 or >= 0 are changed to explicitly return 0. (I think it's better to be explicit than to rely on some call stack always returning 0 on success.) Some other functions are cleaned up to be more idiomatic.
* analyze: use automatic cleanup in one more place | Zbigniew Jędrzejewski-Szmek | 2022-05-19 | 1 | -10/+5
|
* analyze: sort/fix header includes in one place | Zbigniew Jędrzejewski-Szmek | 2022-05-19 | 2 | -4/+6
|
* analyze security: print DeviceAllow list | Luca Boccassi | 2022-05-01 | 1 | -8/+20
|   Many sandboxing options add implicit DeviceAllow rules, which might be confusing for users running systemd-analyze security and not expecting it. Print the list.
|
|   Fixes https://github.com/systemd/systemd/issues/23185
* analyze: fix crash with online security check | Luca Boccassi | 2022-05-01 | 1 | -7/+13
|   1449b0f8a96b27 fixed seccomp arch check for the offline case, but broke it for the normal case, as when coming from D-Bus the list of seccomp architectures is already converted to string.
|
|   Fixes https://github.com/systemd/systemd/issues/23224