cgroups/devices: correctly verify bpf device useability in cgfsng_devices_activate()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

diff --git a/src/lxc/cgroups/cgfsng.c b/src/lxc/cgroups/cgfsng.c
index 35763c8cefba878a604e0d75ea5aadfaf8fcc837..5d32c493e577fc4fba70109a5fd0f6fb3e12927c 100644 (file)
--- a/src/lxc/cgroups/cgfsng.c
+++ b/src/lxc/cgroups/cgfsng.c
@@ -2771,10 +2771,8 @@ __cgfsng_ops bool cgfsng_devices_activate(struct cgroup_ops *ops,
        struct lxc_list *it;
        struct bpf_program *devices_old;
 
-       if (!unified)
-               return false;
-
-       if (lxc_list_empty(&conf->devices))
+       if (!unified || !unified->bpf_device_controller ||
+           !unified->container_full_path || lxc_list_empty(&conf->devices))
                return true;
 
        devices = bpf_program_new(BPF_PROG_TYPE_CGROUP_DEVICE);