Zbigniew Jędrzejewski-Szmek
1f1d7b0b3f
TEST-65: check cat-config operation in chroot
This verifies the fix in 2075b6dd394e09a0f203b9cc7e3253908397f933.
(cherry picked from commit a7eed3eca3d7bc022d870258deb2f738b9527c6d)
2023-01-26 09:12:21 +01:00
Frantisek Sumsal
52db431bdf
test: cover a couple of previously missed analyze code paths
(cherry picked from commit 8b1879bcd0ed1168f5ad35a3dd0e213a31a2ee42)
2022-11-04 23:31:28 +00:00
Frantisek Sumsal
9a94348ee8
test: cover legacy/deprecated systemd-analyze verbs
They're no longer documented since 26e1e97345 but still work.
(cherry picked from commit 926d95cd4c209b8c292829511542b11d7c43e662)
2022-11-04 23:31:28 +00:00
Frantisek Sumsal
91d83b6e4e
test: add a sanity coverage for systemd-analyze verbs
(cherry picked from commit 6c83054c0133eb53245e479d71589dceff76cf74)
2022-11-04 23:31:28 +00:00
Yu Watanabe
cf906beaef
test: add syscall filter tests for analyze security
2022-06-17 12:45:45 +09:00
Luca Boccassi
6a59dfa108
analyze security: print DeviceAllow list
Many sandboxing options add implicit DeviceAllow rules, which might be confusing
for users running systemd-analyze security and not expecting it.
Print the list.
Fixes https://github.com/systemd/systemd/issues/23185
2022-05-01 13:43:01 +09:00
Luca Boccassi
444d9abd06
analyze: fix crash with online security check
1449b0f8a96b27 fixed seccomp arch check for the offline case,
but broke it for the normal case, as when coming from D-Bus the
list of seccomp architectures is already converted to string.
Fixes https://github.com/systemd/systemd/issues/23224
2022-05-01 11:47:44 +09:00
Luca Boccassi
1449b0f8a9
analyze: fix offline check for 'native' syscall architecture
Enum values are stored in the set, not strings
2022-04-01 10:42:48 +01:00
Zbigniew Jędrzejewski-Szmek
ec1574cd8e
Merge pull request #21454 from bluca/inspect_elf
analyze: add inspect-elf verb to parse package metadata
2021-12-06 12:45:25 +01:00
Luca Boccassi
cb94244406
test: run commands with debug level logs in TEST-65-ANALYZE
2021-12-01 12:06:36 +00:00
Luca Boccassi
917e655457
analyze: add inspect-elf verb to parse package metadata
Parses and prints package metadata from executables, libraries and core files
$ systemd-analyze inspect-elf /tmp/core ../fsverity-utils/fsverityb /bin/bash --json=off --no-pager
__________________________
path: /tmp/core
elfType: coredump
elfArchitecture: AMD x86-64
module name: /tmp/crash
type: deb
name: hello
version: 1.0
architecture: amd64
os: debian
osVersion: 11
buildId: b33541096a09c29a0ba4ec5c69364a2711b7c269
module name: /usr/lib/x86_64-linux-gnu/libc-2.31.so
type: deb
name: hello
version: 1.0
architecture: amd64
os: debian
osVersion: 11
buildId: 54eef5ce96cf37cb175b0d93186836ca1caf470c
module name: /usr/lib/x86_64-linux-gnu/ld-2.31.so
type: deb
name: hello
version: 1.0
architecture: amd64
os: debian
osVersion: 11
buildId: 32438eb3b034da54caf58c7a65446639f7cfe274
__________________________________________________________________
path: /home/luca/git/systemd/../fsverity-utils/fsverity
elfType: executable
elfArchitecture: AMD x86-64
type: deb
name: fsverity-utils
version: 1.3-1
architecture: amd64
os: debian
debugInfoUrl: https://debuginfod.debian.net
buildId: 05b899e6ee0d3653e20458719b202ed3ca8d566f
_________________________
path: /bin/bash
elfType: executable
elfArchitecture: AMD x86-64
buildId: 4fef260f60e257d2dbd4126bf8add83837aea190
$
$ systemd-analyze inspect-elf /tmp/core ../fsverity-utils/fsverity /bin/bash /tmp/core.test-condition.1000.f9b9a84a9fd1482c9702d6afa6f6934b.37640.1637083078000000 --json=pretty --no-pager
{
    "elfType" : "coredump",
    "elfArchitecture" : "AMD x86-64",
    "/home/bluca/git/fsverity-utils/fsverity" : {
        "type" : "deb",
        "name" : "fsverity-utils",
        "version" : "1.3-1",
        "buildId" : "7c895ecd2a271f93e96268f479fdc3c64a2ec4ee"
    },
    "/home/bluca/git/fsverity-utils/libfsverity.so.0" : {
        "type" : "deb",
        "name" : "fsverity-utils",
        "version" : "1.3-1",
        "buildId" : "b5e428254abf14237b0ae70ed85fffbb98a78f88"
    }
}
{
    "elfType" : "executable",
    "elfArchitecture" : "AMD x86-64",
    "/home/bluca/git/systemd/../fsverity-utils/fsverity" : {
        "type" : "deb",
        "name" : "fsverity-utils",
        "version" : "1.3-1",
        "buildId" : "7c895ecd2a271f93e96268f479fdc3c64a2ec4ee"
    }
}
{
    "elfType" : "executable",
    "elfArchitecture" : "AMD x86-64",
    "/bin/bash" : {
        "buildId" : "3313b4cb119dcce16927a9b6cc61dcd97dfc4d59"
    }
}
{
    "elfType" : "coredump",
    "elfArchitecture" : "AMD x86-64"
}
2021-11-30 23:14:07 +00:00
Luca Boccassi
0446921131
analyze: add --profile switch to security verb
Allows passing a portable profile when doing offline analysis of
units. Especially useful for analyzing portable images, since a
lot of the security-relevant settings in those cases come from
the profiles, but they are not shipped in the portable images.
2021-11-26 18:17:26 +00:00
Albert Brox
da845dabf5
implement aliasing for systemd-analyze verify
2021-11-08 12:08:23 +00:00
Luca Boccassi
82100ef486
analyze: allow a custom policy to skip a check with weight=0
In some cases an offline analysis should ignore some fields, for example
a portable service in an image will never list RootImage/RootDirectory, as
they are added at runtime, and thus can be skipped.
2021-11-05 22:37:34 +00:00
Luca Boccassi
d54017e8f7
analyze: fix typos in test policy
2021-11-04 19:22:28 +00:00
Dimitri Papadopoulos
ba669952b2
Typos found by codespell
2021-10-20 22:20:18 +09:00
Zbigniew Jędrzejewski-Szmek
7b3cec95db
tests: add spdx headers to scripts and Makefiles
2021-10-18 09:04:45 +02:00
Anita Zhang
14bb729534
basic/unit-file: don't filter out names starting with dot
Fixes #20859
Reverts 3796bdc55d6ba499d1049f749072218879e619a7
2021-09-29 14:42:13 +02:00
Luca Boccassi
7728f6aa81
test: rename TEST-63-ANALYZE to solve conflict
Two PRs adding TEST-63-* were merged more or less at the
same time, and we missed the conflict.
2021-09-08 10:12:03 +09:00