git.ipfire.org Git - thirdparty/systemd.git/commit

author	Yu Watanabe <watanabe.yu+github@gmail.com>
	Tue, 23 Sep 2025 21:02:22 +0000 (06:02 +0900)
committer	Yu Watanabe <watanabe.yu+github@gmail.com>
	Fri, 26 Sep 2025 00:28:12 +0000 (09:28 +0900)
commit	13b0e7fc6d2623800ba04b104f3b628388c9f5e6
tree	1bfc65d8c390231b8c5052355f55e70153fee951	tree \| snapshot
parent	8b4ee3d68d2e70d9a396b74d155eab3b11763311	commit \| diff

core/bpf-firewall: make failures in loading custom BPF program not critical

All other resource control features work as 'best-effort', and failures
in applying them are handled gracefully. However, unlike the other features,
we tested if the BPF programs can be loaded and refuse execution on failure.

Moreover, the previous behavior of testing loading BPF programs had
inconsistency: the test was silently skipped if the cgroup for the unit does
not exist yet, but tested when the cgroup already exists.

Let's not handle failures in loading custom BPF programs as critical, but
gracefully ignore them, like we do for the other resource control features.

Follow-up for fab347489fcfafbc8367c86afc637ce1b81ae59e.

man/systemd.resource-control.xml		diff \| blob \| blame \| history
src/core/cgroup.c		diff \| blob \| blame \| history
src/core/unit.c		diff \| blob \| blame \| history