cgroup_apply_firewall(u);
}
+static bool unit_get_needs_bpf_firewall(Unit *u) {
+ CGroupContext *c;
+ Unit *p;
+ assert(u);
+
+ c = unit_get_cgroup_context(u);
+ if (!c)
+ return false;
+
+ if (c->ip_accounting ||
+ c->ip_address_allow ||
+ c->ip_address_deny)
+ return true;
+
+ /* If any parent slice has an IP access list defined, it applies too */
+ for (p = UNIT_DEREF(u->slice); p; p = UNIT_DEREF(p->slice)) {
+ c = unit_get_cgroup_context(p);
+ if (!c)
+ return false;
+
+ if (c->ip_address_allow ||
+ c->ip_address_deny)
+ return true;
+ }
+
+ return false;
+}
+
static CGroupMask cgroup_context_get_mask(CGroupContext *c) {
CGroupMask mask = 0;
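Review bot: In the parent-slice loop of the added `unit_get_needs_bpf_firewall()`, `if (!c) return false;` ends the walk at the first ancestor that has no cgroup context. An `ip_address_allow` or `ip_address_deny` list on a slice further up would then never be examined, and the function would report that no firewall is needed. Whether a slice can actually lack a context is not visible in this hunk, but if it can, the decision fails open. Replacing that `return false;` with `continue;` keeps the walk going, since the loop's own `p = UNIT_DEREF(p->slice)` step still advances. Since the function is now file-local and no longer has a header prototype, a short comment above it would also help, for example `/* True if the unit has IP accounting or an IP access list of its own, or if any parent slice has an IP access list */`.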
return mask;
}
-bool unit_get_needs_bpf_firewall(Unit *u) {
- CGroupContext *c;
- Unit *p;
- assert(u);
-
- c = unit_get_cgroup_context(u);
- if (!c)
- return false;
-
- if (c->ip_accounting ||
- c->ip_address_allow ||
- c->ip_address_deny)
- return true;
-
- /* If any parent slice has an IP access list defined, it applies too */
- for (p = UNIT_DEREF(u->slice); p; p = UNIT_DEREF(p->slice)) {
- c = unit_get_cgroup_context(p);
- if (!c)
- return false;
-
- if (c->ip_address_allow ||
- c->ip_address_deny)
- return true;
- }
-
- return false;
-}
-
/* Recurse from a unit up through its containing slices, propagating
* mask bits upward. A unit is also member of itself. */
void unit_update_cgroup_members_masks(Unit *u) {
CGroupMask unit_get_target_mask(Unit *u);
CGroupMask unit_get_enable_mask(Unit *u);
-bool unit_get_needs_bpf_firewall(Unit *u);
-
void unit_update_cgroup_members_masks(Unit *u);
const char *unit_get_realized_cgroup_path(Unit *u, CGroupMask mask);