bpf-firewall: invert test

[thirdparty/systemd.git] / src / core / bpf-firewall.c

diff --git a/src/core/bpf-firewall.c b/src/core/bpf-firewall.c
index edcfed1eb47ab45234213c56365bb09ff7a15e80..258d09dd452f2f3ab2ba4a5790552f9ca3d2eeb8 100644 (file)
--- a/src/core/bpf-firewall.c
+++ b/src/core/bpf-firewall.c
@@ -927,16 +927,17 @@ void emit_bpf_firewall_warning(Unit *u) {
         assert(u);
         assert(u->manager);
 
-        if (!warned && !MANAGER_IS_TEST_RUN(u->manager)) {
-                bool quiet = bpf_firewall_unsupported_reason == -EPERM && detect_container() > 0;
-
-                log_unit_full_errno(u, quiet ? LOG_DEBUG : LOG_WARNING, bpf_firewall_unsupported_reason,
-                                    "unit configures an IP firewall, but %s.\n"
-                                    "(This warning is only shown for the first unit using IP firewalling.)",
-                                    getuid() != 0 ? "not running as root" :
-                                                    "the local system does not support BPF/cgroup firewalling");
-                warned = true;
-        }
+        if (warned || MANAGER_IS_TEST_RUN(u->manager))
+                return;
+
+        bool quiet = ERRNO_IS_PRIVILEGE(bpf_firewall_unsupported_reason) && detect_container() > 0;
+
+        log_unit_full_errno(u, quiet ? LOG_DEBUG : LOG_WARNING, bpf_firewall_unsupported_reason,
+                            "unit configures an IP firewall, but %s.\n"
+                            "(This warning is only shown for the first unit using IP firewalling.)",
+                            getuid() != 0 ? "not running as root" :
+                            "the local system does not support BPF/cgroup firewalling");
+        warned = true;
 }
 
 void bpf_firewall_close(Unit *u) {