shaba/systemd
1
0
Fork 0
mirror of https://github.com/systemd/systemd.git synced 2025-01-12 13:18:14 +03:00
Code

bpf-lsm: suppress noisy debug log message if we remove a unit from the bpf-lsm table where it was never added

Browse Source 
There's really no point in logging about one of the most common cases we
have: that no BPF-LSM policy was installed for a specific unit.
This commit is contained in:
Lennart Poettering 2023-10-11 11:22:49 +02:00
parent 91a6447607
commit 58f1bd9b4a
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/core/bpf-lsm.c
View File

@ -228,11 +228,14 @@ int lsm_bpf_cleanup(const Unit *u) {
if (!u->manager->restrict_fs)
return 0;
if (u->cgroup_id == 0)
return 0;
int fd = sym_bpf_map__fd(u->manager->restrict_fs->maps.cgroup_hash);
if (fd < 0)
return log_unit_error_errno(u, errno, "bpf-lsm: Failed to get BPF map fd: %m");
if (sym_bpf_map_delete_elem(fd, &u->cgroup_id) != 0)
if (sym_bpf_map_delete_elem(fd, &u->cgroup_id) != 0 && errno != ENOENT)
return log_unit_debug_errno(u, errno, "bpf-lsm: Failed to delete cgroup entry from LSM BPF map: %m");
return 0;