diff options
| author | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2022-05-17 10:13:49 +0200 |
|---|---|---|
| committer | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2022-05-17 10:55:40 +0200 |
| commit | ba187c9c9ce9c0d16e09aca8c3d3c38975ce05a9 (patch) | |
| tree | 5c304459f6391b27e5238be222f50dec3e1cc83d /src/core | |
| parent | 389db516df2106bf50d7c83192a05f033baa4c2b (diff) | |
| download | systemd-ba187c9c9ce9c0d16e09aca8c3d3c38975ce05a9.tar.gz | |
manager: skip BPF cleanup if we never initialized
This fixes a spurious warning from the manager running in user mode:
systemd[1668]: Reached target sockets.target.
systemd[1669]: Failed to create BPF map: Operation not permitted
systemd[1669]: Finished systemd-tmpfiles-setup.service.
systemd[1669]: Listening on dbus.socket.
systemd[1669]: Reached target sockets.target.
systemd[1669]: Reached target basic.target.
systemd[1]: Started user@6.service.
Fixes https://bugzilla.redhat.com/show_bug.cgi?id=2084955.
Diffstat (limited to 'src/core')
| -rw-r--r-- | src/core/bpf-lsm.c | 9 | ||||
| -rw-r--r-- | src/core/bpf-lsm.h | 2 | ||||
| -rw-r--r-- | src/core/manager.c | 2 |
3 files changed, 8 insertions, 5 deletions
diff --git a/src/core/bpf-lsm.c b/src/core/bpf-lsm.c index 174aa259c0..d3e92b98a6 100644 --- a/src/core/bpf-lsm.c +++ b/src/core/bpf-lsm.c @@ -125,13 +125,15 @@ static int mac_bpf_use(void) { } } -bool lsm_bpf_supported(void) { +bool lsm_bpf_supported(bool initialize) { _cleanup_(restrict_fs_bpf_freep) struct restrict_fs_bpf *obj = NULL; static int supported = -1; int r; if (supported >= 0) return supported; + if (!initialize) + return false; r = dlopen_bpf(); if (r < 0) { @@ -267,7 +269,8 @@ int lsm_bpf_cleanup(const Unit *u) { assert(u); assert(u->manager); - if (!lsm_bpf_supported()) + /* If we never successfully detected support, there is nothing to clean up. */ + if (!lsm_bpf_supported(/* initialize = */ false)) return 0; if (!u->manager->restrict_fs) @@ -297,7 +300,7 @@ void lsm_bpf_destroy(struct restrict_fs_bpf *prog) { restrict_fs_bpf__destroy(prog); } #else /* ! BPF_FRAMEWORK */ -bool lsm_bpf_supported(void) { +bool lsm_bpf_supported(bool initialize) { return false; } diff --git a/src/core/bpf-lsm.h b/src/core/bpf-lsm.h index e609d99330..dff581279d 100644 --- a/src/core/bpf-lsm.h +++ b/src/core/bpf-lsm.h @@ -14,7 +14,7 @@ typedef struct Manager Manager; typedef struct restrict_fs_bpf restrict_fs_bpf; -bool lsm_bpf_supported(void); +bool lsm_bpf_supported(bool initialize); int lsm_bpf_setup(Manager *m); int lsm_bpf_unit_restrict_filesystems(Unit *u, const Set *filesystems, bool allow_list); int lsm_bpf_cleanup(const Unit *u); diff --git a/src/core/manager.c b/src/core/manager.c index 98daa764eb..296b759959 100644 --- a/src/core/manager.c +++ b/src/core/manager.c @@ -951,7 +951,7 @@ int manager_new(LookupScope scope, ManagerTestRunFlags test_run_flags, Manager * return r; #if HAVE_LIBBPF - if (MANAGER_IS_SYSTEM(m) && lsm_bpf_supported()) { + if (MANAGER_IS_SYSTEM(m) && lsm_bpf_supported(/* initialize = */ true)) { r = lsm_bpf_setup(m); if (r < 0) log_warning_errno(r, "Failed to setup LSM BPF, ignoring: %m"); |