From 7973f564687f7e6dc5bcfee09aec3cb19ed34f1d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Sat, 9 Nov 2019 11:50:25 +0100 Subject: test-bpf-devices: new test for the devices bpf code --- src/core/bpf-devices.c | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) (limited to 'src/core/bpf-devices.c') diff --git a/src/core/bpf-devices.c b/src/core/bpf-devices.c index 60cc2f6b4e..2683db8e71 100644 --- a/src/core/bpf-devices.c +++ b/src/core/bpf-devices.c @@ -172,14 +172,14 @@ int bpf_devices_apply_policy( bool whitelist, const char *cgroup_path, BPFProgram **prog_installed) { + + _cleanup_free_ char *controller_path = NULL; int r; /* This will assign *keep_program if everything goes well. */ - if (!prog) { - /* Remove existing program. */ - *prog_installed = bpf_program_unref(*prog_installed); - return 0; - } + + if (!prog) + goto finish; const bool deny_everything = policy == CGROUP_DEVICE_POLICY_STRICT && !whitelist; @@ -213,7 +213,6 @@ int bpf_devices_apply_policy( if (r < 0) return log_error_errno(r, "Extending device control BPF program failed: %m"); - _cleanup_free_ char *controller_path = NULL; r = cg_get_path(SYSTEMD_CGROUP_CONTROLLER, cgroup_path, NULL, &controller_path); if (r < 0) return log_error_errno(r, "Failed to determine cgroup path: %m"); @@ -223,9 +222,12 @@ int bpf_devices_apply_policy( return log_error_errno(r, "Attaching device control BPF program to cgroup %s failed: %m", cgroup_path); + finish: /* Unref the old BPF program (which will implicitly detach it) right before attaching the new program. */ - bpf_program_unref(*prog_installed); - *prog_installed = bpf_program_ref(prog); + if (prog_installed) { + bpf_program_unref(*prog_installed); + *prog_installed = bpf_program_ref(prog); + } return 0; } -- cgit v1.2.1