mirror of
https://github.com/systemd/systemd-stable.git
synced 2025-01-08 21:17:47 +03:00
manager: skip BPF cleanup if we never initialized
This fixes a spurious warning from the manager running in user mode:
systemd[1668]: Reached target sockets.target.
systemd[1669]: Failed to create BPF map: Operation not permitted
systemd[1669]: Finished systemd-tmpfiles-setup.service.
systemd[1669]: Listening on dbus.socket.
systemd[1669]: Reached target sockets.target.
systemd[1669]: Reached target basic.target.
systemd[1]: Started user@6.service.
Fixes https://bugzilla.redhat.com/show_bug.cgi?id=2084955.
(cherry picked from commit ba187c9c9c
)
This commit is contained in:
parent
9d6fa4e17d
commit
3784472f64
@ -125,13 +125,15 @@ static int mac_bpf_use(void) {
|
||||
}
|
||||
}
|
||||
|
||||
bool lsm_bpf_supported(void) {
|
||||
bool lsm_bpf_supported(bool initialize) {
|
||||
_cleanup_(restrict_fs_bpf_freep) struct restrict_fs_bpf *obj = NULL;
|
||||
static int supported = -1;
|
||||
int r;
|
||||
|
||||
if (supported >= 0)
|
||||
return supported;
|
||||
if (!initialize)
|
||||
return false;
|
||||
|
||||
r = dlopen_bpf();
|
||||
if (r < 0) {
|
||||
@ -267,7 +269,8 @@ int lsm_bpf_cleanup(const Unit *u) {
|
||||
assert(u);
|
||||
assert(u->manager);
|
||||
|
||||
if (!lsm_bpf_supported())
|
||||
/* If we never successfully detected support, there is nothing to clean up. */
|
||||
if (!lsm_bpf_supported(/* initialize = */ false))
|
||||
return 0;
|
||||
|
||||
if (!u->manager->restrict_fs)
|
||||
@ -297,7 +300,7 @@ void lsm_bpf_destroy(struct restrict_fs_bpf *prog) {
|
||||
restrict_fs_bpf__destroy(prog);
|
||||
}
|
||||
#else /* ! BPF_FRAMEWORK */
|
||||
bool lsm_bpf_supported(void) {
|
||||
bool lsm_bpf_supported(bool initialize) {
|
||||
return false;
|
||||
}
|
||||
|
||||
|
@ -14,7 +14,7 @@ typedef struct Manager Manager;
|
||||
|
||||
typedef struct restrict_fs_bpf restrict_fs_bpf;
|
||||
|
||||
bool lsm_bpf_supported(void);
|
||||
bool lsm_bpf_supported(bool initialize);
|
||||
int lsm_bpf_setup(Manager *m);
|
||||
int lsm_bpf_unit_restrict_filesystems(Unit *u, const Set *filesystems, bool allow_list);
|
||||
int lsm_bpf_cleanup(const Unit *u);
|
||||
|
@ -930,7 +930,7 @@ int manager_new(UnitFileScope scope, ManagerTestRunFlags test_run_flags, Manager
|
||||
return r;
|
||||
|
||||
#if HAVE_LIBBPF
|
||||
if (MANAGER_IS_SYSTEM(m) && lsm_bpf_supported()) {
|
||||
if (MANAGER_IS_SYSTEM(m) && lsm_bpf_supported(/* initialize = */ true)) {
|
||||
r = lsm_bpf_setup(m);
|
||||
if (r < 0)
|
||||
log_warning_errno(r, "Failed to setup LSM BPF, ignoring: %m");
|
||||
|
@ -81,7 +81,7 @@ int main(int argc, char *argv[]) {
|
||||
if (!can_memlock())
|
||||
return log_tests_skipped("Can't use mlock(), skipping.");
|
||||
|
||||
if (!lsm_bpf_supported())
|
||||
if (!lsm_bpf_supported(/* initialize = */ true))
|
||||
return log_tests_skipped("LSM BPF hooks are not supported");
|
||||
|
||||
r = enter_cgroup_subroot(NULL);
|
||||
|
Loading…
Reference in New Issue
Block a user