authorLennart Poettering <lennart@poettering.net>2017-09-06 17:56:15 +0200
committerLennart Poettering <lennart@poettering.net>2017-09-22 15:24:55 +0200
commit078ba556da253e994724aa5565d570b5d22e0c17 (patch)
tree6333057ee69e95a26d69a1214e35e27654ed4d41 /src/core/dbus-cgroup.c
parentAdd test for eBPF firewall code (diff)
core: warn loudly if IP firewalling is configured but not in effect
Diffstat (limited to 'src/core/dbus-cgroup.c')
-rw-r--r--src/core/dbus-cgroup.c10
1 files changed, 10 insertions, 0 deletions
diff --git a/src/core/dbus-cgroup.c b/src/core/dbus-cgroup.c
index 42381eca36..f61ca08fcb 100644
--- a/src/core/dbus-cgroup.c
+++ b/src/core/dbus-cgroup.c
@@ -21,6 +21,7 @@
#include "af-list.h"
#include "alloc-util.h"
+#include "bpf-firewall.h"
#include "bus-util.h"
#include "cgroup-util.h"
#include "cgroup.h"
@@ -1321,6 +1322,15 @@ int bus_cgroup_set_property(
if (r < 0)
return r;
unit_write_drop_in_private(u, mode, name, buf);
+
+ if (*list) {
+ r = bpf_firewall_supported();
+ if (r < 0)
+ return r;
+ if (r == 0)
+ log_warning("Transient unit %s configures an IP firewall, but the local system does not support BPF/cgroup firewalling.\n"
+ "Proceeding WITHOUT firewalling in effect!", u->id);
+ }
}
return 1;
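Review bot: The `return r;` under `if (r < 0)` following `r = bpf_firewall_supported();` is reached only after `unit_write_drop_in_private(u, mode, name, buf);` has already run, so a failed support probe makes the property call report an error even though the drop-in was written. Since the probe only feeds a diagnostic, either perform it before the write or downgrade the failure, e.g. `if (r < 0) log_warning_errno(r, "Failed to determine BPF firewall support, proceeding: %m");`. Separately, when `r == 0` control still reaches `return 1;`, so the requester is told the setting succeeded and the log line is the only signal that no filtering is applied; a comment such as `/* Fail-open by design: the unit proceeds without IP filtering, the warning is the only indication */` would make that explicit for anyone relying on this setting as a security control. The body of bus_cgroup_set_property begins and ends outside the hunk, so whether other state has also been committed by this point is not visible here.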