From: Lennart Poettering Date: Thu, 24 Mar 2022 09:46:40 +0000 (+0100) Subject: bpf-firewall: invert test X-Git-Tag: v251-rc1~49 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=d01133125cd74dd9f10504650b60270937549553;p=thirdparty%2Fsystemd.git bpf-firewall: invert test Following our coding style of exiting early (instead of deep nesting), let's invert the if check here. Inspired by: https://github.com/systemd/systemd/pull/21602#pullrequestreview-919960060 --- diff --git a/src/core/bpf-firewall.c b/src/core/bpf-firewall.c index edcfed1eb47..258d09dd452 100644 --- a/src/core/bpf-firewall.c +++ b/src/core/bpf-firewall.c @@ -927,16 +927,17 @@ void emit_bpf_firewall_warning(Unit *u) { assert(u); assert(u->manager); - if (!warned && !MANAGER_IS_TEST_RUN(u->manager)) { - bool quiet = bpf_firewall_unsupported_reason == -EPERM && detect_container() > 0; - - log_unit_full_errno(u, quiet ? LOG_DEBUG : LOG_WARNING, bpf_firewall_unsupported_reason, - "unit configures an IP firewall, but %s.\n" - "(This warning is only shown for the first unit using IP firewalling.)", - getuid() != 0 ? "not running as root" : - "the local system does not support BPF/cgroup firewalling"); - warned = true; - } + if (warned || MANAGER_IS_TEST_RUN(u->manager)) + return; + + bool quiet = ERRNO_IS_PRIVILEGE(bpf_firewall_unsupported_reason) && detect_container() > 0; + + log_unit_full_errno(u, quiet ? LOG_DEBUG : LOG_WARNING, bpf_firewall_unsupported_reason, + "unit configures an IP firewall, but %s.\n" + "(This warning is only shown for the first unit using IP firewalling.)", + getuid() != 0 ? "not running as root" : + "the local system does not support BPF/cgroup firewalling"); + warned = true; } void bpf_firewall_close(Unit *u) {