diff --git a/man/systemd-analyze.xml b/man/systemd-analyze.xml
index 4c3b6d173b..c0b6b477d6 100644
--- a/man/systemd-analyze.xml
+++ b/man/systemd-analyze.xml
@@ -1197,6 +1197,12 @@ $ systemd-analyze verify /tmp/source:alias.service
+
+
+
+ Suppress hints and other non-essential output.
+
+
diff --git a/shell-completion/bash/systemd-analyze b/shell-completion/bash/systemd-analyze
index 3022d4058b..1972441386 100644
--- a/shell-completion/bash/systemd-analyze
+++ b/shell-completion/bash/systemd-analyze
@@ -50,7 +50,7 @@ _systemd_analyze() {
local -A OPTS=(
[STANDALONE]='-h --help --version --system --user --global --order --require --no-pager
- --man=no --generators=yes'
+ --man=no --generators=yes --quiet'
[ARG]='-H --host -M --machine --fuzz --from-pattern --to-pattern --root'
)
diff --git a/shell-completion/zsh/_systemd-analyze b/shell-completion/zsh/_systemd-analyze
index 75d35e115a..468fd0e582 100644
--- a/shell-completion/zsh/_systemd-analyze
+++ b/shell-completion/zsh/_systemd-analyze
@@ -1,32 +1,11 @@
#compdef systemd-analyze
# SPDX-License-Identifier: LGPL-2.1-or-later
-(( $+functions[_systemd-analyze_log-level] )) ||
- _systemd-analyze_log-level() {
- local -a _levels
- _levels=(debug info notice warning err crit alert emerg)
- _describe -t level 'logging level' _levels || compadd "$@"
- }
-
-(( $+functions[_systemd-analyze_log-target] )) ||
- _systemd-analyze_log-target() {
- local -a _targets
- _targets=(console journal kmsg journal-or-kmsg null)
- _describe -t target 'logging target' _targets || compadd "$@"
- }
-
(( $+functions[_systemd-analyze_verify] )) ||
_systemd-analyze_verify() {
_sd_unit_files
}
-(( $+functions[_systemd-analyze_service-watchdogs] )) ||
- _systemd-analyze_service-watchdogs() {
- local -a _states
- _states=(on off)
- _describe -t state 'state' _states || compadd "$@"
- }
-
(( $+functions[_systemd-analyze_cat-config] )) ||
_systemd-analyze_cat-config() {
_files -W '(/run/systemd/ /etc/systemd/ /usr/lib/systemd/)' -P 'systemd/'
@@ -37,6 +16,20 @@
_sd_unit_files
}
+(( $+functions[_systemd-analyze_syscall-filter] )) ||
+ _systemd-analyze_syscall-filter() {
+ local -a _groups
+ _groups=( $(systemd-analyze --quiet --no-pager syscall-filter | grep '^@') )
+ _describe -t groups 'syscall groups' _groups || compadd "$@"
+ }
+
+(( $+functions[_systemd-analyze_filesystems] )) ||
+ _systemd-analyze_filesystems() {
+ local -a _groups
+ _groups=( $(systemd-analyze --quiet --no-pager filesystems | grep '^@') )
+ _describe -t groups 'file system groups' _groups || compadd "$@"
+ }
+
(( $+functions[_systemd-analyze_commands] )) ||
_systemd-analyze_commands(){
local -a _systemd_analyze_cmds
@@ -52,16 +45,16 @@
'unit-files:List files and symlinks for units'
'unit-paths:List unit load paths'
'exit-status:List known exit statuses'
- 'syscall-filter:List syscalls in seccomp filter'
+ 'capability:List capability definitions'
+ 'syscall-filter:List syscalls in seccomp filters'
+ 'filesystems:List known filesystems'
'condition:Evaluate Condition*= and Assert*= assignments'
'verify:Check unit files for correctness'
'calendar:Validate repetitive calendar time events'
'timestamp:Parse a systemd syntax timestamp'
'timespan:Parse a systemd syntax timespan'
'security:Analyze security settings of a service'
- # 'log-level:Get/set systemd log threshold'
- # 'log-target:Get/set systemd log target'
- # 'service-watchdogs:Get/set service watchdog status'
+ # log-level, log-target, service-watchdogs have been deprecated
)
if (( CURRENT == 1 )); then
@@ -90,12 +83,13 @@ _arguments \
'--root=[Add support for root argument]:PATH' \
'--image=[Add support for discrete images]:PATH' \
'--recursive-errors=[When verifying a unit, control dependency verification]:MODE' \
- '--offline=[Perform a security review of the specified unit file(s)]:BOOL' \
+ '--offline=[Perform a security review of the specified unit files]:BOOL:(yes no)' \
'--threshold=[Set a value to compare the overall security exposure level with]: NUMBER' \
'--security-policy=[Allow user to use customized requirements to compare unit file(s) against]: PATH' \
'--json=[Generate a JSON output of the security analysis table]:MODE:(pretty short off)' \
'--no-pager[Do not pipe output into a pager]' \
- '--man=[Do (not) check for existence of man pages]:boolean:(1 0)' \
+ '--man=[Do (not) check for existence of man pages]:BOOL:(yes no)' \
+ '--generators=[Do (not) run unit generators]:BOOL:(yes no)' \
'--order[When generating graph for dot, show only order]' \
'--require[When generating graph for dot, show only requirement]' \
'--fuzz=[When printing the tree of the critical chain, print also services, which finished TIMESPAN earlier, than the latest in the branch]:TIMESPAN' \
@@ -103,4 +97,5 @@ _arguments \
'--to-pattern=[When generating a dependency graph, filter only destinations]:GLOB' \
{-H+,--host=}'[Operate on remote host]:userathost:_sd_hosts_or_user_at_host' \
{-M+,--machine=}'[Operate on local container]:machine:_sd_machines' \
+ '--quiet[Do not show hints]' \
'*::systemd-analyze commands:_systemd-analyze_commands'
diff --git a/shell-completion/zsh/_udevadm b/shell-completion/zsh/_udevadm
index eac56c7048..14efe24808 100644
--- a/shell-completion/zsh/_udevadm
+++ b/shell-completion/zsh/_udevadm
@@ -103,20 +103,20 @@ _udevadm_test-builtin(){
(( $+functions[_udevadm_mounts] )) ||
_udevadm_mounts(){
- local dev_tmp dpath_tmp mp_tmp mline
+ local dev_tmp dpath_tmp mp_tmp mline
tmp=( "${(@f)$(< /proc/self/mounts)}" )
dev_tmp=( "${(@)${(@)tmp%% *}:#none}" )
mp_tmp=( "${(@)${(@)tmp#* }%% *}" )
- local MATCH
- mp_tmp=("${(@q)mp_tmp//(#m)\\[0-7](#c3)/${(#)$(( 8#${MATCH[2,-1]} ))}}")
- dpath_tmp=( "${(@Mq)dev_tmp:#/*}" )
- dev_tmp=( "${(@q)dev_tmp:#/*}" )
+ local MATCH
+ mp_tmp=("${(@q)mp_tmp//(#m)\\[0-7](#c3)/${(#)$(( 8#${MATCH[2,-1]} ))}}")
+ dpath_tmp=( "${(@Mq)dev_tmp:#/*}" )
+ dev_tmp=( "${(@q)dev_tmp:#/*}" )
- _alternative \
- 'device-paths: device path:compadd -a dpath_tmp' \
- 'directories:mount point:compadd -a mp_tmp'
+ _alternative \
+ 'device-paths: device path:compadd -a dpath_tmp' \
+ 'directories:mount point:compadd -a mp_tmp'
}
(( $+functions[_udevadm_commands] )) ||
diff --git a/src/analyze/analyze.c b/src/analyze/analyze.c
index 3801cf0ead..740faa507b 100644
--- a/src/analyze/analyze.c
+++ b/src/analyze/analyze.c
@@ -104,6 +104,7 @@ static unsigned arg_iterations = 1;
static usec_t arg_base_time = USEC_INFINITY;
static char *arg_unit = NULL;
static JsonFormatFlags arg_json_format_flags = JSON_FORMAT_OFF;
+static bool arg_quiet = false;
STATIC_DESTRUCTOR_REGISTER(arg_dot_from_patterns, strv_freep);
STATIC_DESTRUCTOR_REGISTER(arg_dot_to_patterns, strv_freep);
@@ -1361,7 +1362,7 @@ static int dot(int argc, char *argv[], void *userdata) {
" red = Conflicts\n"
" green = After\n");
- if (on_tty())
+ if (on_tty() && !arg_quiet)
log_notice("-- You probably want to process this output with graphviz' dot tool.\n"
"-- Try a shell pipeline like 'systemd-analyze dot | dot -Tsvg > systemd.svg'!\n");
@@ -1707,13 +1708,14 @@ static int dump_syscall_filters(int argc, char *argv[], void *userdata) {
if (strv_isempty(strv_skip(argv, 1))) {
_cleanup_set_free_ Set *kernel = NULL, *known = NULL;
const char *sys;
- int k;
+ int k = 0; /* explicit initialization to appease gcc */
NULSTR_FOREACH(sys, syscall_filter_sets[SYSCALL_FILTER_SET_KNOWN].value)
if (set_put_strdup(&known, sys) < 0)
return log_oom();
- k = load_kernel_syscalls(&kernel);
+ if (!arg_quiet)
+ k = load_kernel_syscalls(&kernel);
for (int i = 0; i < _SYSCALL_FILTER_SET_MAX; i++) {
const SyscallFilterSet *set = syscall_filter_sets + i;
@@ -1727,6 +1729,9 @@ static int dump_syscall_filters(int argc, char *argv[], void *userdata) {
first = false;
}
+ if (arg_quiet) /* Let's not show the extra stuff in quiet mode */
+ return 0;
+
if (!set_isempty(known)) {
_cleanup_free_ char **l = NULL;
char **syscall;
@@ -1748,7 +1753,8 @@ static int dump_syscall_filters(int argc, char *argv[], void *userdata) {
if (k < 0) {
fputc('\n', stdout);
fflush(stdout);
- log_notice_errno(k, "# Not showing unlisted system calls, couldn't retrieve kernel system call list: %m");
+ if (!arg_quiet)
+ log_notice_errno(k, "# Not showing unlisted system calls, couldn't retrieve kernel system call list: %m");
} else if (!set_isempty(kernel)) {
_cleanup_free_ char **l = NULL;
char **syscall;
@@ -1800,8 +1806,8 @@ static int dump_syscall_filters(int argc, char *argv[], void *userdata) {
static int load_available_kernel_filesystems(Set **ret) {
_cleanup_set_free_ Set *filesystems = NULL;
+ _cleanup_free_ char *t = NULL;
int r;
- char *t;
assert(ret);
@@ -1930,6 +1936,9 @@ static int dump_filesystems(int argc, char *argv[], void *userdata) {
first = false;
}
+ if (arg_quiet) /* Let's not show the extra stuff in quiet mode */
+ return 0;
+
if (!set_isempty(known)) {
_cleanup_free_ char **l = NULL;
char **filesystem;
@@ -2090,7 +2099,7 @@ static int dump_timespan(int argc, char *argv[], void *userdata) {
putchar('\n');
}
- return EXIT_SUCCESS;
+ return 0;
}
static int test_timestamp_one(const char *p) {
@@ -2452,9 +2461,8 @@ static int help(int argc, char *argv[], void *userdata) {
" unit-paths List load directories for units\n"
" exit-status [STATUS...] List exit status definitions\n"
" capability [CAP...] List capability definitions\n"
- " syscall-filter [NAME...] Print list of syscalls in seccomp\n"
- " filter\n"
- " filesystems [NAME...] Print list of filesystems\n"
+ " syscall-filter [NAME...] List syscalls in seccomp filters\n"
+ " filesystems [NAME...] List known filesystems\n"
" condition CONDITION... Evaluate conditions and asserts\n"
" verify FILE... Check unit files for correctness\n"
" calendar SPEC... Validate repetitive calendar time\n"
@@ -2463,12 +2471,10 @@ static int help(int argc, char *argv[], void *userdata) {
" timespan SPAN... Validate a time span\n"
" security [UNIT...] Analyze security of unit\n"
"\nOptions:\n"
- " -h --help Show this help\n"
" --recursive-errors=MODE Control which units are verified\n"
" --offline=BOOL Perform a security review on unit file(s)\n"
" --threshold=N Exit with a non-zero status when overall\n"
" exposure level is over threshold value\n"
- " --version Show package version\n"
" --security-policy=PATH Use custom JSON security policy instead\n"
" of built-in one\n"
" --json=pretty|short|off Generate JSON output of the security\n"
@@ -2491,6 +2497,9 @@ static int help(int argc, char *argv[], void *userdata) {
" --iterations=N Show the specified number of iterations\n"
" --base-time=TIMESTAMP Calculate calendar times relative to\n"
" specified time\n"
+ " -h --help Show this help\n"
+ " --version Show package version\n"
+ " -q --quiet Do not emit hints\n"
"\nSee the %s for details.\n",
program_invocation_short_name,
ansi_highlight(),
@@ -2532,6 +2541,7 @@ static int parse_argv(int argc, char *argv[]) {
static const struct option options[] = {
{ "help", no_argument, NULL, 'h' },
{ "version", no_argument, NULL, ARG_VERSION },
+ { "quiet", no_argument, NULL, 'q' },
{ "order", no_argument, NULL, ARG_ORDER },
{ "require", no_argument, NULL, ARG_REQUIRE },
{ "root", required_argument, NULL, ARG_ROOT },
@@ -2569,6 +2579,13 @@ static int parse_argv(int argc, char *argv[]) {
case 'h':
return help(0, NULL, NULL);
+ case ARG_VERSION:
+ return version();
+
+ case 'q':
+ arg_quiet = true;
+ break;
+
case ARG_RECURSIVE_ERRORS:
if (streq(optarg, "help")) {
DUMP_STRING_TABLE(recursive_errors, RecursiveErrors, _RECURSIVE_ERRORS_MAX);
@@ -2581,9 +2598,6 @@ static int parse_argv(int argc, char *argv[]) {
arg_recursive_errors = r;
break;
- case ARG_VERSION:
- return version();
-
case ARG_ROOT:
r = parse_path_argument(optarg, /* suppress_root= */ true, &arg_root);
if (r < 0)
diff --git a/src/basic/generate-filesystem-switch-case.py b/src/basic/generate-filesystem-switch-case.py
index 73b1d65657..bbd09228e1 100755
--- a/src/basic/generate-filesystem-switch-case.py
+++ b/src/basic/generate-filesystem-switch-case.py
@@ -7,32 +7,22 @@ import sys
def filter_fsname(name):
# File system magics are sometimes not unique, because file systems got new
# revisions or got renamed. Let's prefer newer over older here, and thus
- # ignore the old names. Specifically:
- #
- # → cgroupfs took over the magic of cpuset
- # → devtmpfs is not a file system of its own, but just a "named superblock" of tmpfs
- # → ext4 is the newest revision of ext2 + ext3
- # → fuseblk is closely related to fuse, so close that they share a single magic, but the latter is more common
- # → gfs2 is the newest revision of gfs
- # → vfat is the newest revision of msdos
- # → ncpfs (not ncp) was the last name of the netware `file_system_type` name before it was removed in 2018
- # → nfs4 is the newest revision of nfs
- # → orangefs is the new name of pvfs2
- # → smb3 is an alias for cifs
+ # ignore the old names.
- return name in (
- "cpuset",
- "devtmpfs",
- "ext2",
+ return name in {
+ "cpuset", # magic taken over by cgroupfs
+ "devtmpfs", # not a file system of its own, but just a "named superblock" of tmpfs
+ "ext2", # ext4 is the newest revision of ext2 + ext3
"ext3",
- "fuseblk",
- "gfs",
- "msdos",
- "ncp",
- "nfs",
- "pvfs2",
- "smb3",
- )
+ "fuseblk", # closely related to fuse; they share a single magic, but the latter is more common
+ "gfs", # magic taken over by gfs2
+ "msdos", # vfat is the newest revision of msdos
+ "ncp", # ncpfs (not ncp) was the last name of the netware `file_system_type`
+ # name before it was removed in 2018
+ "nfs", # nfs4 is the newest revision of nfs
+ "pvfs2", # orangefs is the new name of pvfs2
+ "smb3", # smb3 is an alias for cifs
+ }
gperf_file = sys.argv[1]
diff --git a/src/basic/mountpoint-util.c b/src/basic/mountpoint-util.c
index c813a4f56f..82a33a6829 100644
--- a/src/basic/mountpoint-util.c
+++ b/src/basic/mountpoint-util.c
@@ -411,6 +411,7 @@ bool fstype_is_ro(const char *fstype) {
/* All Linux file systems that are necessarily read-only */
return STR_IN_SET(fstype,
"DM_verity_hash",
+ "cramfs",
"erofs",
"iso9660",
"squashfs");
@@ -419,6 +420,7 @@ bool fstype_is_ro(const char *fstype) {
bool fstype_can_discard(const char *fstype) {
return STR_IN_SET(fstype,
"btrfs",
+ "f2fs",
"ext4",
"vfat",
"xfs");