core/bpf: lsm_bpf_supported() returns a boolean

The code was corret, but confusing, because it was treating the int as a boolean. (cherry picked from commit 389db516df)
2025-01-05 09:17:44 +03:00 · 2022-05-17 10:11:05 +02:00 · 2022-05-17 10:11:05 +02:00 · 9d6fa4e17d
commit 9d6fa4e17d
parent 6f8adbad80
3 changed files with 13 additions and 14 deletions
--- a/src/core/bpf-lsm.c
+++ b/src/core/bpf-lsm.c
@ -125,7 +125,7 @@ static int mac_bpf_use(void) {
        }
 }

-int lsm_bpf_supported(void) {
+bool lsm_bpf_supported(void) {
        _cleanup_(restrict_fs_bpf_freep) struct restrict_fs_bpf *obj = NULL;
        static int supported = -1;
        int r;
@ -136,44 +136,44 @@ int lsm_bpf_supported(void) {
        r = dlopen_bpf();
        if (r < 0) {
                log_info_errno(r, "Failed to open libbpf, LSM BPF is not supported: %m");
-                return supported = 0;
+                return (supported = false);
        }

        r = cg_unified_controller(SYSTEMD_CGROUP_CONTROLLER);
        if (r < 0) {
                log_warning_errno(r, "Can't determine whether the unified hierarchy is used: %m");
-                return supported = 0;
+                return (supported = false);
        }

        if (r == 0) {
                log_info_errno(SYNTHETIC_ERRNO(EOPNOTSUPP),
                               "Not running with unified cgroup hierarchy, LSM BPF is not supported");
-                return supported = 0;
+                return (supported = false);
        }

        r = mac_bpf_use();
        if (r < 0) {
                log_warning_errno(r, "Can't determine whether the BPF LSM module is used: %m");
-                return supported = 0;
+                return (supported = false);
        }

        if (r == 0) {
                log_info_errno(SYNTHETIC_ERRNO(EOPNOTSUPP),
                               "BPF LSM hook not enabled in the kernel, LSM BPF not supported");
-                return supported = 0;
+                return (supported = false);
        }

        r = prepare_restrict_fs_bpf(&obj);
        if (r < 0)
-                return supported = 0;
+                return (supported = false);

        if (!bpf_can_link_lsm_program(obj->progs.restrict_filesystems)) {
                log_warning_errno(SYNTHETIC_ERRNO(EOPNOTSUPP),
                                  "Failed to link BPF program. Assuming BPF is not available");
-                return supported = 0;
+                return (supported = false);
        }

-        return supported = 1;
+        return (supported = true);
 }

 int lsm_bpf_setup(Manager *m) {
@ -297,8 +297,8 @@ void lsm_bpf_destroy(struct restrict_fs_bpf *prog) {
        restrict_fs_bpf__destroy(prog);
 }
 #else /* ! BPF_FRAMEWORK */
-int lsm_bpf_supported(void) {
-        return 0;
+bool lsm_bpf_supported(void) {
+        return false;
 }

 int lsm_bpf_setup(Manager *m) {
--- a/src/core/bpf-lsm.h
+++ b/src/core/bpf-lsm.h
@ -14,7 +14,7 @@ typedef struct Manager Manager;

 typedef struct restrict_fs_bpf restrict_fs_bpf;

-int lsm_bpf_supported(void);
+bool lsm_bpf_supported(void);
 int lsm_bpf_setup(Manager *m);
 int lsm_bpf_unit_restrict_filesystems(Unit *u, const Set *filesystems, bool allow_list);
 int lsm_bpf_cleanup(const Unit *u);
--- a/src/test/test-bpf-lsm.c
+++ b/src/test/test-bpf-lsm.c
@ -81,8 +81,7 @@ int main(int argc, char *argv[]) {
        if (!can_memlock())
                return log_tests_skipped("Can't use mlock(), skipping.");

-        r = lsm_bpf_supported();
-        if (r <= 0)
+        if (!lsm_bpf_supported())
                return log_tests_skipped("LSM BPF hooks are not supported");

        r = enter_cgroup_subroot(NULL);