diff options
| author | Yu Watanabe <watanabe.yu+github@gmail.com> | 2021-12-01 21:34:37 +0900 |
|---|---|---|
| committer | Yu Watanabe <watanabe.yu+github@gmail.com> | 2021-12-01 21:38:54 +0900 |
| commit | 3de3fd3d16c03c7785befc142ac2909d516a3253 (patch) | |
| tree | 7d0475f121858a434be95267c1d483aac8b06da7 /src/core/restrict-ifaces.c | |
| parent | 99f8a6d7f58c9edb00b3d214b685987444dc3931 (diff) | |
| download | systemd-3de3fd3d16c03c7785befc142ac2909d516a3253.tar.gz | |
core/restrict-netif: make restrict_network_interfaces_supported() return negative errno only when critical error
Other errors are handled as the functionality is not supported.
This also drops unnecessary SYNTHETIC_ERRNO().
Diffstat (limited to 'src/core/restrict-ifaces.c')
| -rw-r--r-- | src/core/restrict-ifaces.c | 30 |
1 files changed, 12 insertions, 18 deletions
diff --git a/src/core/restrict-ifaces.c b/src/core/restrict-ifaces.c index ea8033c318..a17c5d2bf7 100644 --- a/src/core/restrict-ifaces.c +++ b/src/core/restrict-ifaces.c @@ -66,41 +66,35 @@ static int prepare_restrict_ifaces_bpf(Unit* u, bool is_allow_list, int restrict_network_interfaces_supported(void) { _cleanup_(restrict_ifaces_bpf_freep) struct restrict_ifaces_bpf *obj = NULL; - int r; static int supported = -1; + int r; if (supported >= 0) return supported; r = cg_unified_controller(SYSTEMD_CGROUP_CONTROLLER); - if (r < 0) { - log_warning_errno(r, "Can't determine whether the unified hierarchy is used: %m"); - supported = 0; - return supported; - } + if (r < 0) + return log_error_errno(r, "Can't determine whether the unified hierarchy is used: %m"); if (r == 0) { - log_debug_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), - "Not running with unified cgroup hierarchy, BPF is not supported"); - supported = 0; - return supported; + log_debug("Not running with unified cgroup hierarchy, BPF is not supported"); + return supported = 0; } if (dlopen_bpf() < 0) return false; if (!sym_bpf_probe_prog_type(BPF_PROG_TYPE_CGROUP_SKB, /*ifindex=*/0)) { - log_debug_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), - "BPF program type cgroup_skb is not supported"); - supported = 0; - return supported; + log_debug("BPF program type cgroup_skb is not supported"); + return supported = 0; } r = prepare_restrict_ifaces_bpf(NULL, true, NULL, &obj); - if (r < 0) - return log_debug_errno(r, "Failed to load BPF object: %m"); + if (r < 0) { + log_debug_errno(r, "Failed to load BPF object: %m"); + return supported = 0; + } - supported = bpf_can_link_program(obj->progs.sd_restrictif_i); - return supported; + return supported = bpf_can_link_program(obj->progs.sd_restrictif_i); } static int restrict_network_interfaces_install_impl(Unit *u) { |