diff options
author | Lennart Poettering <lennart@poettering.net> | 2021-02-24 17:49:32 +0100 |
---|---|---|
committer | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2021-03-12 18:21:31 +0100 |
commit | 98255e132aed4883581f1caaea63bb5570355bbf (patch) | |
tree | 6f36dc19f002d01d491426491d1afc50861290e7 | |
parent | 5b6dd9766e775785afeca2a9090ad36a87853c20 (diff) | |
download | systemd-98255e132aed4883581f1caaea63bb5570355bbf.tar.gz |
cgroup: don't generate BPF firewall unsupported warning on wrong unit
Let's generate the warning on a unit that actually needs the BPF
firewall, and not confusingly already for a sibling of one.
(cherry picked from commit a437c5e4da666d16f15649461ce45e0e6d735148)
(cherry picked from commit 6349fb59858618bf9b92e4abb77dc4027b2fd35f)
-rw-r--r-- | src/core/cgroup.c | 16 |
1 files changed, 8 insertions, 8 deletions
diff --git a/src/core/cgroup.c b/src/core/cgroup.c index 8c2b8f8ae3..1a85cea7d2 100644 --- a/src/core/cgroup.c +++ b/src/core/cgroup.c @@ -1574,20 +1574,20 @@ CGroupMask unit_get_subtree_mask(Unit *u) { } CGroupMask unit_get_target_mask(Unit *u) { - CGroupMask mask; + CGroupMask own_mask, mask; - /* This returns the cgroup mask of all controllers to enable - * for a specific cgroup, i.e. everything it needs itself, - * plus all that its children need, plus all that its siblings - * need. This is primarily useful on the legacy cgroup - * hierarchy, where we need to duplicate each cgroup in each + /* This returns the cgroup mask of all controllers to enable for a specific cgroup, i.e. everything + * it needs itself, plus all that its children need, plus all that its siblings need. This is + * primarily useful on the legacy cgroup hierarchy, where we need to duplicate each cgroup in each * hierarchy that shall be enabled for it. */ - mask = unit_get_own_mask(u) | unit_get_members_mask(u) | unit_get_siblings_mask(u); + own_mask = unit_get_own_mask(u); - if (mask & CGROUP_MASK_BPF_FIREWALL & ~u->manager->cgroup_supported) + if (own_mask & CGROUP_MASK_BPF_FIREWALL & ~u->manager->cgroup_supported) emit_bpf_firewall_warning(u); + mask = own_mask | unit_get_members_mask(u) | unit_get_siblings_mask(u); + mask &= u->manager->cgroup_supported; mask &= ~unit_get_ancestor_disable_mask(u); |