cgroup: make unit_get_needs_bpf_firewall() static too

diff --git a/src/core/cgroup.c b/src/core/cgroup.c
index 4b9ddd176cf4e3cca155a9ae8c2fcde290ec5fd4..1aab238866c3603fafaaff4dd2989ec2c3697f3c 100644 (file)
--- a/src/core/cgroup.c
+++ b/src/core/cgroup.c
@@ -1195,6 +1195,34 @@ static void cgroup_context_apply(
                 cgroup_apply_firewall(u);
 }
 
+static bool unit_get_needs_bpf_firewall(Unit *u) {
+        CGroupContext *c;
+        Unit *p;
+        assert(u);
+
+        c = unit_get_cgroup_context(u);
+        if (!c)
+                return false;
+
+        if (c->ip_accounting ||
+            c->ip_address_allow ||
+            c->ip_address_deny)
+                return true;
+
+        /* If any parent slice has an IP access list defined, it applies too */
+        for (p = UNIT_DEREF(u->slice); p; p = UNIT_DEREF(p->slice)) {
+                c = unit_get_cgroup_context(p);
+                if (!c)
+                        return false;
+
+                if (c->ip_address_allow ||
+                    c->ip_address_deny)
+                        return true;
+        }
+
+        return false;
+}
+
 static CGroupMask cgroup_context_get_mask(CGroupContext *c) {
         CGroupMask mask = 0;
 
@@ -1356,34 +1384,6 @@ CGroupMask unit_get_enable_mask(Unit *u) {
         return mask;
 }
 
-bool unit_get_needs_bpf_firewall(Unit *u) {
-        CGroupContext *c;
-        Unit *p;
-        assert(u);
-
-        c = unit_get_cgroup_context(u);
-        if (!c)
-                return false;
-
-        if (c->ip_accounting ||
-            c->ip_address_allow ||
-            c->ip_address_deny)
-                return true;
-
-        /* If any parent slice has an IP access list defined, it applies too */
-        for (p = UNIT_DEREF(u->slice); p; p = UNIT_DEREF(p->slice)) {
-                c = unit_get_cgroup_context(p);
-                if (!c)
-                        return false;
-
-                if (c->ip_address_allow ||
-                    c->ip_address_deny)
-                        return true;
-        }
-
-        return false;
-}
-
 /* Recurse from a unit up through its containing slices, propagating
  * mask bits upward. A unit is also member of itself. */
 void unit_update_cgroup_members_masks(Unit *u) {

diff --git a/src/core/cgroup.h b/src/core/cgroup.h
index 5068e6971f0944da666d21bc87f0d09cad61a048..2c7287841a1ec9e9901c5bf6483dca38b470d3cc 100644 (file)
--- a/src/core/cgroup.h
+++ b/src/core/cgroup.h
@@ -155,8 +155,6 @@ CGroupMask unit_get_subtree_mask(Unit *u);
 CGroupMask unit_get_target_mask(Unit *u);
 CGroupMask unit_get_enable_mask(Unit *u);
 
-bool unit_get_needs_bpf_firewall(Unit *u);
-
 void unit_update_cgroup_members_masks(Unit *u);
 
 const char *unit_get_realized_cgroup_path(Unit *u, CGroupMask mask);