assert(u);
assert(u->manager);
- if (!warned && !MANAGER_IS_TEST_RUN(u->manager)) {
- bool quiet = bpf_firewall_unsupported_reason == -EPERM && detect_container() > 0;
-
- log_unit_full_errno(u, quiet ? LOG_DEBUG : LOG_WARNING, bpf_firewall_unsupported_reason,
- "unit configures an IP firewall, but %s.\n"
- "(This warning is only shown for the first unit using IP firewalling.)",
- getuid() != 0 ? "not running as root" :
- "the local system does not support BPF/cgroup firewalling");
- warned = true;
- }
+ if (warned || MANAGER_IS_TEST_RUN(u->manager))
+ return;
+
+ bool quiet = ERRNO_IS_PRIVILEGE(bpf_firewall_unsupported_reason) && detect_container() > 0;
+
+ log_unit_full_errno(u, quiet ? LOG_DEBUG : LOG_WARNING, bpf_firewall_unsupported_reason,
+ "unit configures an IP firewall, but %s.\n"
+ "(This warning is only shown for the first unit using IP firewalling.)",
+ getuid() != 0 ? "not running as root" :
+ "the local system does not support BPF/cgroup firewalling");
+ warned = true;
}
void bpf_firewall_close(Unit *u) {