bpf-firewall: invert test

Following our coding style of exiting early (instead of deep nesting),
let's invert the if check here.

Inspired by: https://github.com/systemd/systemd/pull/21602#pullrequestreview-919960060

1 files changed, 11 insertions, 10 deletions

diff --git a/src/core/bpf-firewall.c b/src/core/bpf-firewall.c
index edcfed1eb4..258d09dd45 100644
--- a/src/core/bpf-firewall.c
+++ b/src/core/bpf-firewall.c
@@ -927,16 +927,17 @@ void emit_bpf_firewall_warning(Unit *u) {
         assert(u);
         assert(u->manager);
 
-        if (!warned && !MANAGER_IS_TEST_RUN(u->manager)) {
-                bool quiet = bpf_firewall_unsupported_reason == -EPERM && detect_container() > 0;
-
-                log_unit_full_errno(u, quiet ? LOG_DEBUG : LOG_WARNING, bpf_firewall_unsupported_reason,
-                                    "unit configures an IP firewall, but %s.\n"
-                                    "(This warning is only shown for the first unit using IP firewalling.)",
-                                    getuid() != 0 ? "not running as root" :
-                                                    "the local system does not support BPF/cgroup firewalling");
-                warned = true;
-        }
+        if (warned || MANAGER_IS_TEST_RUN(u->manager))
+                return;
+
+        bool quiet = ERRNO_IS_PRIVILEGE(bpf_firewall_unsupported_reason) && detect_container() > 0;
+
+        log_unit_full_errno(u, quiet ? LOG_DEBUG : LOG_WARNING, bpf_firewall_unsupported_reason,
+                            "unit configures an IP firewall, but %s.\n"
+                            "(This warning is only shown for the first unit using IP firewalling.)",
+                            getuid() != 0 ? "not running as root" :
+                            "the local system does not support BPF/cgroup firewalling");
+        warned = true;
 }
 
 void bpf_firewall_close(Unit *u) {