hwdb: Add support for HP ZBook Studio G5 keyboard (#17525)
[thirdparty/systemd.git] / src / core / bpf-firewall.c
index a05ac8122d0a33b431b6a7e8097dce517e213447..5da0106a3305751d3436a0b5c058f699b0d0b72c 100644 (file)
@@ -544,7 +544,7 @@ int bpf_firewall_compile(Unit *u) {
                                             "BPF_F_ALLOW_MULTI is not supported on this manager, not doing BPF firewall on slice units.");
 
         /* Note that when we compile a new firewall we first flush out the access maps and the BPF programs themselves,
-         * but we reuse the the accounting maps. That way the firewall in effect always maps to the actual
+         * but we reuse the accounting maps. That way the firewall in effect always maps to the actual
          * configuration, but we don't flush out the accounting unnecessarily */
 
         u->ip_bpf_ingress = bpf_program_unref(u->ip_bpf_ingress);
@@ -595,7 +595,7 @@ static int load_bpf_progs_from_fs_to_set(Unit *u, char **filter_paths, Set **set
         set_clear(*set);
 
         STRV_FOREACH(bpf_fs_path, filter_paths) {
-                _cleanup_free_ BPFProgram *prog = NULL;
+                _cleanup_(bpf_program_unrefp) BPFProgram *prog = NULL;
                 int r;
 
                 r = bpf_program_new(BPF_PROG_TYPE_CGROUP_SKB, &prog);
@@ -606,10 +606,9 @@ static int load_bpf_progs_from_fs_to_set(Unit *u, char **filter_paths, Set **set
                 if (r < 0)
                         return log_unit_error_errno(u, r, "Loading of ingress BPF program %s failed: %m", *bpf_fs_path);
 
-                r = set_ensure_put(set, &filter_prog_hash_ops, prog);
+                r = set_ensure_consume(set, &filter_prog_hash_ops, TAKE_PTR(prog));
                 if (r < 0)
                         return log_unit_error_errno(u, r, "Can't add program to BPF program set: %m");
-                TAKE_PTR(prog);
         }
 
         return 0;
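Review bot: The new `set_ensure_consume(set, &filter_prog_hash_ops, TAKE_PTR(prog))` call gives up ownership of the program on every outcome, so the `r < 0` path and the already-present path now depend on `filter_prog_hash_ops` having a key destructor that unrefs a BPFProgram. That definition is not in the hunk; if it has no destructor, the helper would presumably fall back to a plain `free()`, the same mismatch the `_cleanup_(bpf_program_unrefp)` change in the previous hunk removes. I would confirm the hash ops definition and add a comment above the call, `/* set_ensure_consume() takes ownership in all cases; filter_prog_hash_ops must unref the program on failure or duplicate */`. The function body starts before the hunk.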
@@ -647,14 +646,13 @@ int bpf_firewall_load_custom(Unit *u) {
 
 static int attach_custom_bpf_progs(Unit *u, const char *path, int attach_type, Set **set, Set **set_installed) {
         BPFProgram *prog;
-        Iterator i;
         int r;
 
         assert(u);
 
         set_clear(*set_installed);
 
-        SET_FOREACH(prog, *set, i) {
+        SET_FOREACH(prog, *set) {
                 r = bpf_program_cgroup_attach(prog, attach_type, path, BPF_F_ALLOW_MULTI);
                 if (r < 0)
                         return log_unit_error_errno(u, r, "Attaching custom egress BPF program to cgroup %s failed: %m", path);
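Review bot: The failure message for `bpf_program_cgroup_attach()` hard-codes "custom egress BPF program", although the function takes `attach_type` and so appears to serve both directions. The "Loading of ingress BPF program" message in `load_bpf_progs_from_fs_to_set()` in the previous hunk has the same problem. An operator checking why a unit's filter is not active would be pointed at the wrong direction. Suggest dropping the direction or deriving it from `attach_type`, e.g. `"Attaching custom BPF program to cgroup %s failed: %m"`. The loop and the rest of the function continue past the end of the hunk.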
@@ -901,11 +899,11 @@ void emit_bpf_firewall_warning(Unit *u) {
         if (!warned) {
                 bool quiet = bpf_firewall_unsupported_reason == -EPERM && detect_container();
 
-                log_unit_full(u, quiet ? LOG_DEBUG : LOG_WARNING, bpf_firewall_unsupported_reason,
-                              "unit configures an IP firewall, but %s.\n"
-                              "(This warning is only shown for the first unit using IP firewalling.)",
-                              getuid() != 0 ? "not running as root" :
-                                              "the local system does not support BPF/cgroup firewalling");
+                log_unit_full_errno(u, quiet ? LOG_DEBUG : LOG_WARNING, bpf_firewall_unsupported_reason,
+                                    "unit configures an IP firewall, but %s.\n"
+                                    "(This warning is only shown for the first unit using IP firewalling.)",
+                                    getuid() != 0 ? "not running as root" :
+                                                    "the local system does not support BPF/cgroup firewalling");
                 warned = true;
         }
 }
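Review bot: `detect_container()` is used as a boolean in the `quiet` initializer, so a negative error return counts as "in a container" and downgrades this warning to LOG_DEBUG. Compare explicitly instead: `bool quiet = bpf_firewall_unsupported_reason == -EPERM && detect_container() > 0;`. This matters because the message, shown only for the first unit, appears to be the only signal that a configured IP firewall is not in effect. The start of the function, including the declaration of `warned`, is outside the hunk.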