-
-
Notifications
You must be signed in to change notification settings - Fork 3.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Improve systemd-analyze security a bit and other assorted bits #16640
Conversation
I was reading a summary of changes on Phoronix, and (while not incorrect) those two points were rather misleading.
assert(a); | ||
assert(info); | ||
assert(ret_badness); | ||
assert(ret_description); | ||
|
||
assert(a->parameter < _SYSCALL_FILTER_SET_MAX); | ||
f = syscall_filter_sets + a->parameter; | ||
const SyscallFilterSet *f = syscall_filter_sets + a->parameter; | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
why the newline?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The assert makes sure that the *f
assignment is OK.
The two variable declarations below are a separate thing.
This information was already available in the debug output, but I think it is good to include it in the message in the table. This makes it easier to wrap one's head around the allowlist/denylist filtering.
This comes up occasionally with new users. The phrase "Logs begin ..." is ambiguous because it can be taken to mean the logs being displayed or all logs (the intended meaning). Let's rephrase this as "Journal begins ..." to make this clearer.
Every time I was using this function I had to check whether "newline" means that newlines are good or bad.
c1a6085
to
3a193ac
Compare
Updated to always initialize |
No description provided.