manager: skip BPF cleanup if we never initialized

This fixes a spurious warning from the manager running in user mode:

systemd[1668]: Reached target sockets.target.
systemd[1669]: Failed to create BPF map: Operation not permitted
systemd[1669]: Finished systemd-tmpfiles-setup.service.
systemd[1669]: Listening on dbus.socket.
systemd[1669]: Reached target sockets.target.
systemd[1669]: Reached target basic.target.
systemd[1]: Started user@6.service.

Fixes https://bugzilla.redhat.com/show_bug.cgi?id=2084955.

1 files changed, 6 insertions, 3 deletions

diff --git a/src/core/bpf-lsm.c b/src/core/bpf-lsm.c
index 174aa259c0..d3e92b98a6 100644
--- a/src/core/bpf-lsm.c
+++ b/src/core/bpf-lsm.c
@@ -125,13 +125,15 @@ static int mac_bpf_use(void) {
         }
 }
 
-bool lsm_bpf_supported(void) {
+bool lsm_bpf_supported(bool initialize) {
         _cleanup_(restrict_fs_bpf_freep) struct restrict_fs_bpf *obj = NULL;
         static int supported = -1;
         int r;
 
         if (supported >= 0)
                 return supported;
+        if (!initialize)
+                return false;
 
         r = dlopen_bpf();
         if (r < 0) {
@@ -267,7 +269,8 @@ int lsm_bpf_cleanup(const Unit *u) {
         assert(u);
         assert(u->manager);
 
-        if (!lsm_bpf_supported())
+        /* If we never successfully detected support, there is nothing to clean up. */
+        if (!lsm_bpf_supported(/* initialize = */ false))
                 return 0;
 
         if (!u->manager->restrict_fs)
@@ -297,7 +300,7 @@ void lsm_bpf_destroy(struct restrict_fs_bpf *prog) {
         restrict_fs_bpf__destroy(prog);
 }
 #else /* ! BPF_FRAMEWORK */
-bool lsm_bpf_supported(void) {
+bool lsm_bpf_supported(bool initialize) {
         return false;
 }