cgroups/devices: correctly verify bpf device useability in cgfsng_devices_activate()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

diff --git a/src/lxc/cgroups/cgfsng.c b/src/lxc/cgroups/cgfsng.c
index f2223afc6ee123d52b28b06cd32272791fdc8444..fdf0451a15b8e18f4b6ec937811909d0f8ff29d8 100644 (file)
--- a/src/lxc/cgroups/cgfsng.c
+++ b/src/lxc/cgroups/cgfsng.c
@@ -2749,10 +2749,8 @@ __cgfsng_ops bool cgfsng_devices_activate(struct cgroup_ops *ops,
        struct lxc_list *it;
        struct bpf_program *devices_old;
 
-       if (!unified)
-               return false;
-
-       if (lxc_list_empty(&conf->devices))
+       if (!unified || !unified->bpf_device_controller ||
+           !unified->container_full_path || lxc_list_empty(&conf->devices))
                return true;
 
        devices = bpf_program_new(BPF_PROG_TYPE_CGROUP_DEVICE);