1
0
mirror of https://github.com/systemd/systemd.git synced 2024-11-01 00:51:24 +03:00
Commit Graph

6365 Commits

Author SHA1 Message Date
Lennart Poettering
643006f62b man: document the new DefaultOOMScoreAdjust= setting 2021-10-04 16:27:11 +02:00
Lennart Poettering
d4a402e4f6 core: add a new setting DefaultOOMScoreAdjust= and set it to 100 above service manager's by default
Let's make our service managers slightly less likely to be killed by the
OOM killer by adjusting our services' OOM score adjustment to 100 above
ours. Do this conservatively, i.e. only for regular user sessions.
2021-10-04 16:27:10 +02:00
Luca Boccassi
9d0ad242b8 man/glib-event-glue example: relicense to CC0-1.0
All other examples were relicensed to CC0-1.0 since they are intended
to be copied and pasted anywhere without any restrictions.
Relicense the last one too.
2021-10-04 11:05:22 +02:00
Luca Boccassi
f4d74c6105 man: add licenses to all files that lack one
Documentation is licensed under LGPL-2.1-or-later.
Scripts are MIT to facilitate reuse.
Examples are relicensed to CC0-1.0 to maximise copy-and-paste
for users, with permission from authors.
2021-10-01 17:27:34 +01:00
Zbigniew Jędrzejewski-Szmek
8f5bcd615b licensing: add forgotten spdx headers
Those are all "our" files, but we forgot to add the headers,
most likely because of non-standard file extensions.
2021-10-01 14:45:00 +02:00
alexlzhu
fab79a85af docs: Fixing typo in systemd.device man page and README.
systemd-udevd.service listens to kernel uevents and is needed for device
units to be available.

systemd-udevd.service is misspelled as systemd-udev.service in a couple places.

Fixing typo.
2021-09-29 22:18:38 +01:00
Yu Watanabe
bfcc0fedd0
Merge pull request #20871 from mrc0mmand/udevadm-property-value
udev: teach udevadm --property=NAME and --value options
2021-09-30 00:05:02 +09:00
Marcel Menzel
3e90ded70c
doc: network: Move "Independent=" flag to the VXLAN section (#20881) 2021-09-29 23:19:20 +09:00
Lennart Poettering
e30a3ba16a core: drop "const" from NeedsDaemonReload unit dbus property
It's not "const", it can change any time if people change the fs, and we
don#t send out notifications for it. Hence don't claim it was const.
(Otherwise clients might cache it, but they should not)

Prompted-by: #20792
2021-09-29 14:37:07 +02:00
Frantisek Sumsal
6c1482b28d udev: teach udevadm --property=NAME and --value options
which allows limiting the properties listed by the `--query=property` option
(and optionally listing only the respective values).
2021-09-29 13:32:25 +02:00
Albert Brox
5918a93355 core: implement RuntimeMaxDeltaSec directive 2021-09-28 16:46:20 +02:00
alexlzhu
8c35c10d20 core: Add ExecSearchPath parameter to specify the directory relative to which binaries executed by Exec*= should be found
Currently there does not exist a way to specify a path relative to which
all binaries executed by Exec should be found. The only way is to
specify the absolute path.

This change implements the functionality to specify a path relative to which
binaries executed by Exec*= can be found.

Closes #6308
2021-09-28 14:52:27 +01:00
Lennart Poettering
49e9218ae3
Merge pull request #20768 from pdmorrow/shutdown_cgroup_ctrl
cgroups: apply StartupAllowedCPUs= and StartupAllowedMemoryNodes= during shutdown
2021-09-27 13:44:54 +02:00
Zbigniew Jędrzejewski-Szmek
66a0e22293
Merge pull request #20849 from keszybz/man-page-tags-and-links
Add license tags to doc pages, fixups and more internal links in man pages
2021-09-27 12:09:48 +02:00
Zbigniew Jędrzejewski-Szmek
d8e1613ed2 man: mention pages with more settings at end of each option list
For some unit types we have hundreds of options, and the reader may easily miss
that more options are described in other pages. We already mentioned this in
the introduction and then at the top of the option list, but it can't hurt to
repeat the information.

Also, add an (almost empty) Options section for the unit types which don't have
any custom options. It is nicer to have the same page structure in all cases,
so people can jump between pages for different types more easily.
2021-09-27 09:19:02 +02:00
Zbigniew Jędrzejewski-Szmek
18c7a1eb6c man: refresh description of sysvinit compat for services
The existing text must have been written before systemd-sysv-generator was
created. We don't create the wrappers dynamically since a long time.

Also add more links and make the description conditional on "if compat
is enabled".
2021-09-27 09:19:02 +02:00
Zbigniew Jędrzejewski-Szmek
880e1e0729 man: minor grammar fixups in systemd-cryptenroll 2021-09-27 09:19:02 +02:00
Zbigniew Jędrzejewski-Szmek
a14e028e86 man: cross-reference DeviceAllow= and PrivateDevices=
They are somewhat similar, but not easy to discover, esp. considering that
they are described in different pages.

For PrivateDevices=, split out the first paragraph that gives the high-level
overview. (The giant second paragraph could also use some heavy editing to break
it up into more digestible chunks, alas.)
2021-09-27 09:19:02 +02:00
Anssi Hannula
9376b2aab3 man: fix a reference in timedatectl man page
timedatectl(1) says the synchronization service list generation is
described "below", but in reality it is documented in
systemd-timedated.service(8).

Fix the sentence to reference the correct man page.
2021-09-24 18:35:42 +01:00
Peter Morrow
058a2d8f13 man: Startup* updates for systemd.resource-control
All Startup*= directives now also apply to the shutdown phase as well as
boot phase.
2021-09-24 15:09:54 +01:00
Anita Zhang
2b33e41aaf link: connect 5 more properties to ethtool features
Sets up the follow properties and their corresponding ethtool feature:
- ReceiveVLANCTAGHardwareAcceleration == rx-vlan-hw-parse (or rxvlan)
- TransmitVLANCTAGHardwareAcceleration == tx-vlan-hw-insert (or txvlan)
- ReceiveVLANCTAGFilter == rx-vlan-filter
- TransmitVLANSTAGHardwareAcceleration == tx-vlan-stag-hw-insert
- NTupleFilter == rx-ntuple-filter (or ntuple)
2021-09-24 20:40:23 +09:00
Lennart Poettering
99d51ed939 man: document the new systemd-boot drop-in driver dir logic 2021-09-23 17:24:28 +02:00
Lennart Poettering
b8cdb66279 man: the sd-boot menu is probably more "textual" then "graphical", hence don't lie
(also, most communication happens between boot loader and OS, only
seldom stuff goes the other way, hence mention that the boot loader
first)
2021-09-23 17:24:28 +02:00
Lennart Poettering
3f9a615dcf man: add man page for the systemd UEFI stub
Fixes: #17215
2021-09-23 17:24:28 +02:00
Yu Watanabe
3346eb1800
Merge pull request #20652 from OnkelUlla/fix_systemd.netdev_manpage
Some Fixes for SYSTEMD.NETDEV(5)
2021-09-22 15:34:21 +09:00
Zbigniew Jędrzejewski-Szmek
a7052c6e5c meson: fix creation of man pages indices
Fixes #20795. Bug introduced in f12c5d36a9.
2021-09-21 15:36:46 +01:00
Lennart Poettering
28078aa5cc
Merge pull request #20483 from medhefgo/boot
sd-boot: Add support for changing console mode at runtime
2021-09-16 00:03:41 +02:00
Jan Janssen
1b965abc66 sd-boot: Add support for changing console mode at runtime 2021-09-15 16:32:18 +02:00
Peter Morrow
c93a7d4ad3 docs: update docs with StartupAllowedCPUs and StartupAllowedMemoryNodes details
Signed-off-by: Peter Morrow <pemorrow@linux.microsoft.com>
2021-09-15 09:52:12 +01:00
Lennart Poettering
9a89ab26d6 man: extend documentation about TPM2 PCRs
This is an effort to compile a somewhat complete list how PCRs are
actually used on Linux systems these days. It contains data from: the
UEFI PC spec, the shim, the IMA, grub documentation.

I validated these PCRs to some level in the sources.

The grub specific stuff I only added in comments, since I was too lazy
too validate it (also, meh, grub).

It also gives people a hint on which PCR to bind to (and maybe kind of
an explanation of our default choice).
2021-09-14 17:37:06 +02:00
Yu Watanabe
e47bcb7d0b network: do not use RouteTable= in [DHCPv4] section for DHCPv6 routes
We forgot to add RouteTable= in [DHCPv6] section when we split [DHCP]
into two.
2021-09-14 17:51:19 +09:00
Lennart Poettering
215e19eb27 id128: clarify that the "well-known" IDs are about GPT partition types
At least for now they are all GPT partition types, and we should mention
that.
2021-09-10 13:39:16 +02:00
Ulrich Ölmann
489f01f806 man/systemd.netdev: adjust documentation of MAC addresses for bridges
In the past bridge devices used to be created with a generated MAC address
thwarting the inheritance of the first slave's MAC address. This has been
changed by commit [1] some time ago. Reflect that behavioral change in the
documentation.

[1] deb2cfa4c6 ("networkd: do not generate MAC for bridge device.")
2021-09-06 22:10:30 +02:00
Ulrich Ölmann
5c3e7c4a3b man/systemd.netdev: fix typos
Signed-off-by: Ulrich Ölmann <u.oelmann@pengutronix.de>
2021-09-06 22:08:12 +02:00
Maanya Goenka
4b4a8ef741 systemd-analyze: add new option to generate JSON output of security analysis table
The new option --json= works with the 'security' verb and takes in one of three format flags.
These are off which is the default, pretty and short which use JSON format flags for output.
When set to true, it generates a JSON formatted output of the security analysis table. The
format is a JSON array with objects containing the following fields: set which indicates if
the id has been set or not, name which is what is used to refer to the id, json_field
which is the equivalent JSON formatted id name only used for JSON outputs, description which
is an outline of the id state, and exposure which is an unsigned integer in the range 0.0..10.0,
where a higher value corresponds to a higher security threat. The JSON version of the table is
printed on the standard output file.

Example Run:

The unit file testfile.service was created to test the --json= option

maanya-goenka@debian:~/systemd (json-security)$ cat <<EOF >testfile.service

> [Service]
> ExecStart = echo hello
> PrivateNetwork = yes
> PrivateMounts = yes
> PrivateDevices = yes
> EOF

Both the JSON output and the security analysis table below have been truncated to increase readability.
1. Testing for when --json=off

maanya-goenka@debian:~/systemd (json-security)$ sudo build/systemd-analyze security --json=off --root= --offline=true
testfile.service --no-pager

/usr/lib/systemd/system/plymouth-start.service:15: Unit configured to use KillMode=none. This is unsafe, as it disables systemd's
process lifecycle management for the service. Please update your service to use a safer KillMode=, such as 'mixed' or 'control-group'.
Support for KillMode=none is deprecated and will eventually be removed.
/usr/lib/systemd/system/dbus.socket:5: ListenStream= references a path below legacy directory /var/run/, updating
/var/run/dbus/system_bus_socket → /run/dbus/system_bus_socket; please update the unit file accordingly.
/usr/lib/systemd/system/gdm.service:30: Standard output type syslog is obsolete, automatically updating to journal. Please update your
unit file, and consider removing the setting altogether.
/home/maanya-goenka/systemd/foo.service:2: Unknown key name 'foo' in section 'Unit', ignoring.

    NAME                                                      DESCRIPTION                                                       EXPOSURE
✓   PrivateNetwork=                                           Service has no access to the host's network
✗   User=/DynamicUser=                                        Service runs as root user                                              0.4
✗   CapabilityBoundingSet=~CAP_SET(UID|GID|PCAP)              Service may change UID/GID identities/capabilities                     0.3
✗   CapabilityBoundingSet=~CAP_NET_ADMIN                      Service has administrator privileges                                   0.3

→ Overall exposure level for testfile.service: 8.3 EXPOSED 🙁

2. Testing for when --json=pretty

maanya-goenka@debian:~/systemd (json-security)$ sudo build/systemd-analyze security --json=pretty --root= --offline=true
testfile.service

/usr/lib/systemd/system/plymouth-start.service:15: Unit configured to use KillMode=none. This is unsafe, as it disables systemd's
process lifecycle management for the service. Please update your service to use a safer KillMode=, such as 'mixed' or 'control-group'.
Support for KillMode=none is deprecated and will eventually be removed.
/usr/lib/systemd/system/dbus.socket:5: ListenStream= references a path below legacy directory /var/run/, updating
/var/run/dbus/system_bus_socket → /run/dbus/system_bus_socket; please update the unit file accordingly.
/usr/lib/systemd/system/gdm.service:30: Standard output type syslog is obsolete, automatically updating to journal. Please update your
unit file, and consider removing the setting altogether.
/home/maanya-goenka/systemd/foo.service:2: Unknown key name 'foo' in section 'Unit', ignoring.

[
        {
                "set" : true,
                "name" : "PrivateNetwork=",
		"json-field" : "PrivateNetwork",
                "description" : "Service has no access to the host's network",
                "exposure" : null
        },
        {
                "set" : false,
                "name" : "User=/DynamicUser=",
		"json-field" : "UserOrDynamicUser",
                "decsription" : "Service runs as root user",
                "exposure" : "0.4"
        },
        {
                "set" : false,
                "name" : "CapabilityBoundingSet=~CAP_SET(UID|GID|PCAP)",
		"json_field" : "CapabilityBoundingSet_CAP_SET_UID_GID_PCAP",
                "description" : "Service may change UID/GID identities/capabilities",
                "exposure" : "0.3"
        },
        {
                "set" : false,
                "name" : "CapabilityBoundingSet=~CAP_NET_ADMIN",
		"json_field" : "CapabilityBoundingSet_CAP_NET_ADMIN",
                "description" : "Service has administrator privileges",
                "exposure" : "0.3"
        },
        ...
]

3. Testing for when --json=short

maanya-goenka@debian:~/systemd (json-security)$ sudo build/systemd-analyze security --json=short --root= --offline=true
testfile.service

/usr/lib/systemd/system/plymouth-start.service:15: Unit configured to use KillMode=none. This is unsafe, as it disables systemd's
process lifecycle management for the service. Please update your service to use a safer KillMode=, such as 'mixed' or 'control-group'.
Support for KillMode=none is deprecated and will eventually be removed.
/usr/lib/systemd/system/dbus.socket:5: ListenStream= references a path below legacy directory /var/run/, updating
/var/run/dbus/system_bus_socket → /run/dbus/system_bus_socket; please update the unit file accordingly.
/usr/lib/systemd/system/gdm.service:30: Standard output type syslog is obsolete, automatically updating to journal. Please update your
unit file, and consider removing the setting altogether.
/home/maanya-goenka/systemd/foo.service:2: Unknown key name 'foo' in section 'Unit', ignoring.

[{"set":true,"name":"PrivateNetwork=", "json_field":"PrivateNetwork", "description":"Service has no access to the host's network","exposure":null}, ...]
2021-09-06 19:55:27 +01:00
Kyle Laker
c1e6f21556
systemd-analyze: use config value in RestrictNamespaces id (#20645)
For most fields, the text shown by `.id` is the value that should be set
in the unit file; however, for RestrictNamespaces, it is not. Changing
this to show the actual text makes it more clear to a user what the
actual change that needs to be made to the unit file is.
2021-09-06 17:33:16 +02:00
Yu Watanabe
57aef9d737 network: introduce KeepMaster= setting
Closes #20624.
2021-09-04 00:23:20 +09:00
Yu Watanabe
a94ed9bd62 man: drop unnecessary white space 2021-09-04 00:20:36 +09:00
Daan De Meyer
8de7929de5 mkosi: Add zsh to Arch packages
Useful for testing zsh completion changes.
2021-09-01 10:01:18 +02:00
Maanya Goenka
ecfd082b71 systemd-analyze: add new 'security' option to allow user to choose custom requirements
A new option --security-policy= is added to work with the 'security' verb in order to enable
users to create and pass in a JSON file consisting of user defined requirements
against which to compare the specified unit file(s). These requirements then serve
as the measure of security threats for the file instead of the initial hard coded set of
requirements that the 'security' verb of systemd-analyze relied on.

Example Run:

A snapshot of the user defined testfile.json file is shown below instead of the complete file
for readability purposes.

{
"PrivateDevices":
    {"description_good": "Service has no access to hardware devices",
    "description_bad": "Service potentially has access to hardware devices",
    "weight": 1000,
    "range": 1
    },
"PrivateMounts":
    {"description_good": "Service cannot install system mounts",
    "description_bad": "Service may install system mounts",
    "weight": 1000,
    "range": 1
    },
"PrivateNetwork":
    {"description_good": "Service has no access to the host's network",
    "description_bad": "Service has access to the host's network",
    "weight": 2500,
    "range": 1
    },
"PrivateTmp":
    {"description_good": "Service has no access to other software's temporary files",
    "description_bad": "Service has access to other software's temporary files",
    "weight": 1000,
    "range": 1
    },
"PrivateUsers":
    {"description_good": "Service does not have access to other users",
    "description_bad": "Service has access to other users",
    "weight": 1000,
    "range": 1
    }
}

1. I created the jsontest.service file in order to test the --security-policy= option as follows:

maanya-goenka@debian:~/systemd (custom-security)$ cat<<EOF>jsontest.service
> [Service]
> ExecStart = echo hello
> PrivateNetwork = yes
> PrivateDevices = yes
> PrivateMounts = yes
> EOF

The security analysis table outputted below has been truncated to include only the first few lines for readability.

maanya-goenka@debian:~/systemd (custom-security)$ sudo build/systemd-analyze security --root= --offline=true
--security-policy=src/analyze/testfile.json jsontest.service
/usr/lib/systemd/system/plymouth-start.service:15: Unit configured to use KillMode=none. This is unsafe, as it disables systemd's
process lifecycle management for the service. Please update your service to use a safer KillMode=, such as 'mixed' or 'control-group'.
Support for KillMode=none is deprecated and will eventually be removed.
/usr/lib/systemd/system/gdm.service:30: Standard output type syslog is obsolete, automatically updating to journal. Please update your
unit file, and consider removing the setting altogether.
/usr/lib/systemd/system/dbus.socket:5: ListenStream= references a path below legacy directory /var/run/, updating
/var/run/dbus/system_bus_socket → /run/dbus/system_bus_socket; please update the unit file accordingly.

  NAME                                                         DESCRIPTION
✓ PrivateNetwork                                               Service has no access to the host's network
✗ UserOrDynamicUser                                            Service runs as root user
✗ CapabilityBoundingSet_CAP_SET_UID_GID_PCAP                   Service may change UID/GID identities/capabilities
✓ PrivateMounts                                                Service cannot install system mounts
✓ PrivateDevices                                               Service has no access to hardware devices

→ Overall exposure level for jsontest.service: 8.3 EXPOSED 🙁

maanya-goenka@debian:~/systemd (custom-security)$ echo $? 0

2. In order to ensure that the JSON data was actually being correctly parsed, I made some changes to the JSON
file, specifically to the id "PrivateNetwork" as follows:

Before:
--------

"PrivateNetwork":
    {"description_good": "Service has no access to the host's network",
    "description_bad": "Service has access to the host's network",
    "weight": 2500,
    "range": 1
    }

After:
--------

"PrivateNetwork":
    {"description_good": "Service runs without access to host network",
    "description_bad": "Service has access to the host's network",
    "weight": 6000,
    "range": 1
    }

As expected, the new description for the description_good field of the Private Network id was updated in
the analysis table outputted below and the overall exposure level of the unit file decreased because
the weight assigned to 'Private Network' (which is set to yes) increased from 2500 to 6000.

maanya-goenka@debian:~/systemd (custom-security)$ sudo build/systemd-analyze security --root= --offline=true
--security-policy=src/analyze/testfile.json jsontest.service

/usr/lib/systemd/system/plymouth-start.service:15: Unit configured to use KillMode=none. This is unsafe, as it disables systemd's
process lifecycle management for the service. Please update your service to use a safer KillMode=, such as 'mixed' or 'control-group'.
Support for KillMode=none is deprecated and will eventually be removed.
/usr/lib/systemd/system/gdm.service:30: Standard output type syslog is obsolete, automatically updating to journal. Please update your
unit file, and consider removing the setting altogether.
/usr/lib/systemd/system/dbus.socket:5: ListenStream= references a path below legacy directory /var/run/, updating
/var/run/dbus/system_bus_socket → /run/dbus/system_bus_socket; please update the unit file accordingly.

  NAME                                                         DESCRIPTION
✓ PrivateNetwork                                               Service runs without access to the host's network
✗ UserOrDynamicUser                                            Service runs as root user
✗ CapabilityBoundingSet_CAP_SET_UID_GID_PCAP                   Service may change UID/GID identities/capabilities
✓ PrivateMounts                                                Service cannot install system mounts
✓ PrivateDevices                                               Service has no access to hardware devices

→ Overall exposure level for jsontest.service: 7.8 EXPOSED 🙁

maanya-goenka@debian:~/systemd (custom-security)$ echo $? 0

3. When paired with security's --threshold= option, systemd-analyze exits with a non-zero error status indicating
that the overall exposure level for the unit file (=78) is greater than the set threshold (=70). The same
jsontest.service file is used for the demo run below:

maanya-goenka@debian:~/systemd (custom-security)$ sudo build/systemd-analyze security --root= --offline=true
--security-policy=src/analyze/testfile.json --threshold=70 jsontest.service

/usr/lib/systemd/system/plymouth-start.service:15: Unit configured to use KillMode=none. This is unsafe, as it disables systemd's
process lifecycle management for the service. Please update your service to use a safer KillMode=, such as 'mixed' or 'control-group'.
Support for KillMode=none is deprecated and will eventually be removed.
/usr/lib/systemd/system/gdm.service:30: Standard output type syslog is obsolete, automatically updating to journal. Please update your
unit file, and consider removing the setting altogether.
/usr/lib/systemd/system/dbus.socket:5: ListenStream= references a path below legacy directory /var/run/, updating
/var/run/dbus/system_bus_socket → /run/dbus/system_bus_socket; please update the unit file accordingly.

  NAME                                                         DESCRIPTION
✓ PrivateNetwork                                               Service runs without access to host network
✗ UserOrDynamicUser                                            Service runs as root user
✗ CapabilityBoundingSet_CAP_SET_UID_GID_PCAP                   Service may change UID/GID identities/capabilities
✓ PrivateMounts                                                Service cannot install system mounts
✓ PrivateDevices                                               Service has no access to hardware devices

→ Overall exposure level for jsontest.service: 7.8 EXPOSED 🙁

maanya-goenka@debian:~/systemd (custom-security)$ echo $? 1

new option
2021-08-31 08:02:08 -07:00
Kristian Klausen
b00651cf43 gpt-auto-generator: Use volatile-root by default and automatic logic as fallback
Previously volatile-root was only checked if "/" wasn't backed by a
block device, but the block device isn't necessarily original root block
device (ex: if the rootfs is copied to a ext4 fs backed by zram in the
initramfs), so we always want volatile-root checked.

So shuffle the code around so volatile-root is checked first and
fallback to the automatic logic.

Fix #20557
2021-08-31 13:52:52 +09:00
Thomas Mühlbacher
fee1863c83 man: Don't leak memory in path-documents example
The `sd_path_lookup(3)` man page states that the returned string shall be
`free(3)`'d but then doesn't do so in the example code.

Also add basic error handling as well.
2021-08-31 13:44:49 +09:00
Tom Yan
c918b70a4d network: default LinkLocalAddresssing= to no for link stacked with a passthru mode MACVLAN/MACVTAP
For similar reason to the case of a bridge slave: we don't want any IP configuration for it.
2021-08-26 06:11:41 +09:00
Zbigniew Jędrzejewski-Szmek
c8cab396a0 man: adjust the description of extension-release.* 2021-08-24 15:39:17 +02:00
Zbigniew Jędrzejewski-Szmek
6a15846d10 man: fix minor grammar issue
The usual: "searched" vs. "searched for".
2021-08-24 14:53:26 +02:00
Yu Watanabe
c995fa02b1 network: dhcp4,ndisc: make addresses in Allow/DenyList= optionally take prefix length
Closes #20505.
2021-08-23 20:36:09 +09:00
Yu Watanabe
d4e30ad1fb tree-wide: fix typo 2021-08-22 09:46:22 +01:00
Yu Watanabe
cc97ef5627
Merge pull request #20494 from bluca/snprintf_voidify
tree-wide: voidify unchecked snprintf calls or use snprintf_ok
2021-08-21 06:45:58 +09:00
Yu Watanabe
0e0e57a484
Merge pull request #20484 from DaanDeMeyer/rx-gro-hw
Add rx-gro-hw support
2021-08-21 06:43:49 +09:00
Maanya Goenka
dfbda8799c systemd-analyze: add new 'security' option to compare unit's overall exposure level with
--threshold option added to work with security verb and with the --offline option so that
users can determine what qualifies as a security threat. The threshold set by the user is
compared with the overall exposure level assigned to a unit file and if the exposure is
higher than the threshold, 'security' will return a non-zero exit status. The default value
of the --threshold option is 100.

Example Run:

1. testcase.service is a unit file created for testing the --threshold option

    maanya-goenka@debian:~/systemd (systemd-security)$ cat<<EOF>testcase.service

    > [Service]
    > ExecStart = echo hello
    > EOF

    For the purposes of this demo, the security table outputted below has been cut to show only the first two security settings.

    maanya-goenka@debian:~/systemd (systemd-security)$ sudo build/systemd-analyze security --offline=true testcase.service
    /usr/lib/systemd/system/plymouth-start.service:15: Unit configured to use KillMode=none. This is unsafe, as it disables systemd's
    process lifecycle management for the service. Please update your service to use a safer KillMode=, such as 'mixed' or 'control-group'.
    Support for KillMode=none is deprecated and will eventually be removed.
    /usr/lib/systemd/system/gdm.service:30: Standard output type syslog is obsolete, automatically updating to journal. Please update your
    unit file, and consider removing the setting altogether.
    /usr/lib/systemd/system/dbus.socket:5: ListenStream= references a path below legacy directory /var/run/, updating
    /var/run/dbus/system_bus_socket → /run/dbus/system_bus_socket; please update the unit file accordingly.

      NAME                                        DESCRIPTION                                                       EXPOSURE
    ✗ PrivateNetwork=                             Service has access to the host's network                          0.5
    ✗ User=/DynamicUser=                          Service runs as root user                                         0.4

    → Overall exposure level for testcase.service: 9.6 UNSAFE 😨

    maanya-goenka@debian:~/systemd (systemd-security)$ echo $? 0

2. Next, we use the same testcase.service file but add an additional --threshold=60 parameter. We would expect 'security' to exit
   with a non-zero status because the overall exposure level (= 96) is higher than the set threshold (= 60).

    maanya-goenka@debian:~/systemd (systemd-security)$ sudo build/systemd-analyze security --offline=true --threshold=60 testcase.service
    /usr/lib/systemd/system/plymouth-start.service:15: Unit configured to use KillMode=none. This is unsafe, as it disables systemd's
    process lifecycle management for the service. Please update your service to use a safer KillMode=, such as 'mixed' or 'control-group'.
    Support for KillMode=none is deprecated and will eventually be removed.
    /usr/lib/systemd/system/gdm.service:30: Standard output type syslog is obsolete, automatically updating to journal. Please update your
    unit file, and consider removing the setting altogether.
    /usr/lib/systemd/system/dbus.socket:5: ListenStream= references a path below legacy directory /var/run/, updating
    /var/run/dbus/system_bus_socket → /run/dbus/system_bus_socket; please update the unit file accordingly.

      NAME                                        DESCRIPTION                                                       EXPOSURE
    ✗ PrivateNetwork=                             Service has access to the host's network                          0.5
    ✗ User=/DynamicUser=                          Service runs as root user                                         0.4

    → Overall exposure level for testcase.service: 9.6 UNSAFE 😨

    maanya-goenka@debian:~/systemd (systemd-security)$ echo $? 1
2021-08-20 10:59:13 -07:00