From: Lennart Poettering Date: Wed, 24 Feb 2021 16:49:32 +0000 (+0100) Subject: cgroup: don't generate BPF firewall unsupported warning on wrong unit X-Git-Tag: v248-rc3~117 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=a437c5e4da666d16f15649461ce45e0e6d735148;p=thirdparty%2Fsystemd.git cgroup: don't generate BPF firewall unsupported warning on wrong unit Let's generate the warning on a unit that actually needs the BPF firewall, and not confusingly already for a sibling of one. --- diff --git a/src/core/cgroup.c b/src/core/cgroup.c index 1f74cb393f7..8690a648716 100644 --- a/src/core/cgroup.c +++ b/src/core/cgroup.c @@ -1623,20 +1623,20 @@ CGroupMask unit_get_ancestor_disable_mask(Unit *u) { } CGroupMask unit_get_target_mask(Unit *u) { - CGroupMask mask; + CGroupMask own_mask, mask; - /* This returns the cgroup mask of all controllers to enable - * for a specific cgroup, i.e. everything it needs itself, - * plus all that its children need, plus all that its siblings - * need. This is primarily useful on the legacy cgroup - * hierarchy, where we need to duplicate each cgroup in each + /* This returns the cgroup mask of all controllers to enable for a specific cgroup, i.e. everything + * it needs itself, plus all that its children need, plus all that its siblings need. This is + * primarily useful on the legacy cgroup hierarchy, where we need to duplicate each cgroup in each * hierarchy that shall be enabled for it. */ - mask = unit_get_own_mask(u) | unit_get_members_mask(u) | unit_get_siblings_mask(u); + own_mask = unit_get_own_mask(u); - if (mask & CGROUP_MASK_BPF_FIREWALL & ~u->manager->cgroup_supported) + if (own_mask & CGROUP_MASK_BPF_FIREWALL & ~u->manager->cgroup_supported) emit_bpf_firewall_warning(u); + mask = own_mask | unit_get_members_mask(u) | unit_get_siblings_mask(u); + mask &= u->manager->cgroup_supported; mask &= ~unit_get_ancestor_disable_mask(u);