-rw-r--r-- | src/core/bpf-lsm.c | 22 | ||||
-rw-r--r-- | src/core/bpf-lsm.h | 2 | ||||
-rw-r--r-- | src/test/test-bpf-lsm.c | 3 |
3 files changed, 13 insertions, 14 deletions
diff --git a/src/core/bpf-lsm.c b/src/core/bpf-lsm.c index 83f3199349..174aa259c0 100644 --- a/src/core/bpf-lsm.c +++ b/src/core/bpf-lsm.c @@ -125,7 +125,7 @@ static int mac_bpf_use(void) { } } -int lsm_bpf_supported(void) { +bool lsm_bpf_supported(void) { _cleanup_(restrict_fs_bpf_freep) struct restrict_fs_bpf *obj = NULL; static int supported = -1; int r; @@ -136,44 +136,44 @@ int lsm_bpf_supported(void) { r = dlopen_bpf(); if (r < 0) { log_info_errno(r, "Failed to open libbpf, LSM BPF is not supported: %m"); - return supported = 0; + return (supported = false); } r = cg_unified_controller(SYSTEMD_CGROUP_CONTROLLER); if (r < 0) { log_warning_errno(r, "Can't determine whether the unified hierarchy is used: %m"); - return supported = 0; + return (supported = false); } if (r == 0) { log_info_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), "Not running with unified cgroup hierarchy, LSM BPF is not supported"); - return supported = 0; + return (supported = false); } r = mac_bpf_use(); if (r < 0) { log_warning_errno(r, "Can't determine whether the BPF LSM module is used: %m"); - return supported = 0; + return (supported = false); } if (r == 0) { log_info_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), "BPF LSM hook not enabled in the kernel, LSM BPF not supported"); - return supported = 0; + return (supported = false); } r = prepare_restrict_fs_bpf(&obj); if (r < 0) - return supported = 0; + return (supported = false); if (!bpf_can_link_lsm_program(obj->progs.restrict_filesystems)) { log_warning_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), "Failed to link BPF program. Assuming BPF is not available"); - return supported = 0; + return (supported = false); } - return supported = 1; + return (supported = true); } int lsm_bpf_setup(Manager *m) { @@ -297,8 +297,8 @@ void lsm_bpf_destroy(struct restrict_fs_bpf *prog) { restrict_fs_bpf__destroy(prog); } #else /* ! BPF_FRAMEWORK */ -int lsm_bpf_supported(void) { - return 0; +bool lsm_bpf_supported(void) { + return false; } int lsm_bpf_setup(Manager *m) { 
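Review bot: In the second hunk of src/core/bpf-lsm.c, the two `r < 0` branches after cg_unified_controller() and mac_bpf_use() still write `supported = false` into the static cache although their log messages say the state could not be determined, so a transient probe error would keep LSM BPF reported as unsupported for the rest of the process lifetime. Since this check presumably gates whether filesystem restrictions get installed, I would state that explicitly above `static int supported = -1;`, for example `/* -1 = not probed yet, 0/1 = cached answer; probe errors are cached as "unsupported" too */`. If caching errors is not intended, those two branches could use `return false;` and leave the cache untouched. The cache remains an `int` while the function now returns `bool`, which works for the tri-state but is another reason the comment helps. The code that reads the cache lies between the first two hunks and is not visible here.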
diff --git a/src/core/bpf-lsm.h b/src/core/bpf-lsm.h index 8bd58a29e5..e609d99330 100644 --- a/src/core/bpf-lsm.h +++ b/src/core/bpf-lsm.h @@ -14,7 +14,7 @@ typedef struct Manager Manager; typedef struct restrict_fs_bpf restrict_fs_bpf; -int lsm_bpf_supported(void); +bool lsm_bpf_supported(void); int lsm_bpf_setup(Manager *m); int lsm_bpf_unit_restrict_filesystems(Unit *u, const Set *filesystems, bool allow_list); int lsm_bpf_cleanup(const Unit *u); diff --git a/src/test/test-bpf-lsm.c b/src/test/test-bpf-lsm.c index e0e1b7f38f..d2b5c96624 100644 --- a/src/test/test-bpf-lsm.c +++ b/src/test/test-bpf-lsm.c @@ -78,8 +78,7 @@ int main(int argc, char *argv[]) { if (!can_memlock()) return log_tests_skipped("Can't use mlock()"); - r = lsm_bpf_supported(); - if (r <= 0) + if (!lsm_bpf_supported()) return log_tests_skipped("LSM BPF hooks are not supported"); r = enter_cgroup_subroot(NULL); |
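Review bot: The declaration `bool lsm_bpf_supported(void);` in src/core/bpf-lsm.h carries no comment saying that `false` covers both "not supported" and "could not be determined", which a caller needs to know when deciding whether a requested restriction may be skipped or must fail. I would add `/* Returns true only if LSM BPF was probed successfully; false also covers probe errors. The result is cached. */` above it. Among callers, only test-bpf-lsm.c is adjusted in this commit. Any caller outside the diff that still stores the result in an `int` and tests `< 0` would compile unchanged with a dead branch, so a grep for remaining call sites is worthwhile.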