cgroup: make sure whitelist_device() always returns a valid return value

CID 1396094

diff --git a/src/core/cgroup.c b/src/core/cgroup.c
index 9f5e67ba22658cfe8229500129c0b08d2bbf0d6b..ff5f1d517157cd865326a2286eff197442e6f5a0 100644 (file)
--- a/src/core/cgroup.c
+++ b/src/core/cgroup.c
@@ -418,8 +418,9 @@ static int whitelist_device(BPFProgram *prog, const char *path, const char *node
                 if (!prog)
                         return 0;
 
-                cgroup_bpf_whitelist_device(prog, S_ISCHR(st.st_mode) ? BPF_DEVCG_DEV_CHAR : BPF_DEVCG_DEV_BLOCK,
-                                            major(st.st_rdev), minor(st.st_rdev), acc);
+                return cgroup_bpf_whitelist_device(prog, S_ISCHR(st.st_mode) ? BPF_DEVCG_DEV_CHAR : BPF_DEVCG_DEV_BLOCK,
+                                                   major(st.st_rdev), minor(st.st_rdev), acc);
+
         } else {
                 char buf[2+DECIMAL_STR_MAX(dev_t)*2+2+4];
 
@@ -431,11 +432,11 @@ static int whitelist_device(BPFProgram *prog, const char *path, const char *node
 
                 r = cg_set_attribute("devices", path, "devices.allow", buf);
                 if (r < 0)
-                        log_full_errno(IN_SET(r, -ENOENT, -EROFS, -EINVAL, -EACCES) ? LOG_DEBUG : LOG_WARNING,
-                                       r, "Failed to set devices.allow on %s: %m", path);
-        }
+                        return log_full_errno(IN_SET(r, -ENOENT, -EROFS, -EINVAL, -EACCES) ? LOG_DEBUG : LOG_WARNING,
+                                              r, "Failed to set devices.allow on %s: %m", path);
 
-        return r;
+                return 0;
+        }
 }
 
 static int whitelist_major(BPFProgram *prog, const char *path, const char *name, char type, const char *acc) {