diff options
author | Lennart Poettering <lennart@poettering.net> | 2022-03-24 10:46:40 +0100 |
---|---|---|
committer | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2022-03-24 13:54:50 +0100 |
commit | d01133125cd74dd9f10504650b60270937549553 (patch) | |
tree | ee917edb7733d919b1a757e50bc1928da3a4b20e /src/core/bpf-firewall.c | |
parent | bbd26200220b8b352f2d04cfe96fa0788ad1661f (diff) | |
download | systemd-d01133125cd74dd9f10504650b60270937549553.tar.gz |
bpf-firewall: invert test
Following our coding style of exiting early (instead of deep nesting),
let's invert the if check here.
Inspired by: https://github.com/systemd/systemd/pull/21602#pullrequestreview-919960060
Diffstat (limited to 'src/core/bpf-firewall.c')
-rw-r--r-- | src/core/bpf-firewall.c | 21 |
1 files changed, 11 insertions, 10 deletions
diff --git a/src/core/bpf-firewall.c b/src/core/bpf-firewall.c index edcfed1eb4..258d09dd45 100644 --- a/src/core/bpf-firewall.c +++ b/src/core/bpf-firewall.c @@ -927,16 +927,17 @@ void emit_bpf_firewall_warning(Unit *u) { assert(u); assert(u->manager); - if (!warned && !MANAGER_IS_TEST_RUN(u->manager)) { - bool quiet = bpf_firewall_unsupported_reason == -EPERM && detect_container() > 0; - - log_unit_full_errno(u, quiet ? LOG_DEBUG : LOG_WARNING, bpf_firewall_unsupported_reason, - "unit configures an IP firewall, but %s.\n" - "(This warning is only shown for the first unit using IP firewalling.)", - getuid() != 0 ? "not running as root" : - "the local system does not support BPF/cgroup firewalling"); - warned = true; - } + if (warned || MANAGER_IS_TEST_RUN(u->manager)) + return; + + bool quiet = ERRNO_IS_PRIVILEGE(bpf_firewall_unsupported_reason) && detect_container() > 0; + + log_unit_full_errno(u, quiet ? LOG_DEBUG : LOG_WARNING, bpf_firewall_unsupported_reason, + "unit configures an IP firewall, but %s.\n" + "(This warning is only shown for the first unit using IP firewalling.)", + getuid() != 0 ? "not running as root" : + "the local system does not support BPF/cgroup firewalling"); + warned = true; } void bpf_firewall_close(Unit *u) { |