1
0
mirror of https://github.com/systemd/systemd.git synced 2024-12-25 01:34:28 +03:00

analyze-verify: verify all executables

ExecStart= and friends for .service and .socket can be specified
multiple times.
This also checks all commands for .mount and .swap, not only for the
current control command.
This commit is contained in:
Yu Watanabe 2023-12-20 23:20:01 +09:00
parent 5183976cea
commit abf0ccc1c6
2 changed files with 22 additions and 7 deletions

View File

@ -201,19 +201,23 @@ static int verify_executables(Unit *u, const char *root) {
assert(u);
ExecCommand *exec =
u->type == UNIT_SOCKET ? SOCKET(u)->control_command :
u->type == UNIT_MOUNT ? MOUNT(u)->control_command :
u->type == UNIT_SWAP ? SWAP(u)->control_command : NULL;
RET_GATHER(r, verify_executable(u, exec, root));
if (u->type == UNIT_MOUNT)
FOREACH_ARRAY(i, MOUNT(u)->exec_command, ELEMENTSOF(MOUNT(u)->exec_command))
RET_GATHER(r, verify_executable(u, i, root));
if (u->type == UNIT_SERVICE)
FOREACH_ARRAY(i, SERVICE(u)->exec_command, ELEMENTSOF(SERVICE(u)->exec_command))
RET_GATHER(r, verify_executable(u, *i, root));
LIST_FOREACH(command, j, *i)
RET_GATHER(r, verify_executable(u, j, root));
if (u->type == UNIT_SOCKET)
FOREACH_ARRAY(i, SOCKET(u)->exec_command, ELEMENTSOF(SOCKET(u)->exec_command))
RET_GATHER(r, verify_executable(u, *i, root));
LIST_FOREACH(command, j, *i)
RET_GATHER(r, verify_executable(u, j, root));
if (u->type == UNIT_SWAP)
FOREACH_ARRAY(i, SWAP(u)->exec_command, ELEMENTSOF(SWAP(u)->exec_command))
RET_GATHER(r, verify_executable(u, i, root));
return r;
}

View File

@ -337,6 +337,17 @@ systemd-analyze verify /tmp/hoge@test.service
(! systemd-analyze verify /tmp/hoge@nonexist.service)
(! systemd-analyze verify /tmp/hoge@.service)
# test that all commands are verified.
cat <<EOF >/tmp/multi-exec-start.service
[Service]
Type=oneshot
ExecStart=true
ExecStart=ls
EOF
systemd-analyze verify /tmp/multi-exec-start.service
echo 'ExecStart=command-should-not-exist' >>/tmp/multi-exec-start.service
(! systemd-analyze verify /tmp/multi-exec-start.service)
# Added an additional "INVALID_ID" id to the .json to verify that nothing breaks when input is malformed
# The PrivateNetwork id description and weight was changed to verify that 'security' is actually reading in
# values from the .json file when required. The default weight for "PrivateNetwork" is 2500, and the new weight