diff options
| author | Lennart Poettering <lennart@poettering.net> | 2024-02-09 12:26:50 +0100 |
|---|---|---|
| committer | Lennart Poettering <lennart@poettering.net> | 2024-02-09 15:32:10 +0100 |
| commit | 958b73bef1ea35d40c7a58aef00f1b2de8fec0c0 (patch) | |
| tree | cc137e149d6514712eef2568aedd5182709e322a /src/core/cgroup.c | |
| parent | bpf-devices: normalize how we pass around major/minor values (diff) | |
| download | systemd-958b73bef1ea35d40c7a58aef00f1b2de8fec0c0.tar.xz systemd-958b73bef1ea35d40c7a58aef00f1b2de8fec0c0.zip | |
bpf-devices: normalize the return handling of functions that put together policy
under some conditions we suppress generating BPF programs. Let's
systematically return 0 when we do this, and 1 if we did actually
soething, instead of second guessing this in the caller.
This is not only more correct, but allows us to suppress BPF programs in
more cases in later commits.
Diffstat (limited to 'src/core/cgroup.c')
| -rw-r--r-- | src/core/cgroup.c | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/src/core/cgroup.c b/src/core/cgroup.c index 597bf12f47..5476f83ea7 100644 --- a/src/core/cgroup.c +++ b/src/core/cgroup.c @@ -1884,10 +1884,14 @@ static int cgroup_apply_devices(Unit *u) { bool allow_list_static = policy == CGROUP_DEVICE_POLICY_CLOSED || (policy == CGROUP_DEVICE_POLICY_AUTO && c->device_allow); - if (allow_list_static) - (void) bpf_devices_allow_list_static(prog, path); - bool any = allow_list_static; + bool any = false; + if (allow_list_static) { + r = bpf_devices_allow_list_static(prog, path); + if (r > 0) + any = true; + } + LIST_FOREACH(device_allow, a, c->device_allow) { const char *val; @@ -1905,7 +1909,7 @@ static int cgroup_apply_devices(Unit *u) { continue; } - if (r >= 0) + if (r > 0) any = true; } |