From: Yu Watanabe Date: Wed, 16 Apr 2025 18:10:38 +0000 (+0900) Subject: core/cgroup: foreign bpf programs needs to pass bpf_program_supported() X-Git-Tag: v258-rc1~653^2~3 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=22e2f0642897cfa7ba975527f5394bd7fcdf639b;p=thirdparty%2Fsystemd.git core/cgroup: foreign bpf programs needs to pass bpf_program_supported() As CONFIG_CGROUP_BPF may be disabled on the kernel or we are running on sanitizers. See comments in bpf_program_supported(). Follow-up for 3fcb98cbff0a5be8bf7c5deda6c1f7e8a31699bd. --- diff --git a/src/core/cgroup.c b/src/core/cgroup.c index 2a74380a283..d58820df838 100644 --- a/src/core/cgroup.c +++ b/src/core/cgroup.c @@ -3273,8 +3273,9 @@ static int cg_bpf_mask_supported(CGroupMask *ret) { if (r > 0) mask |= CGROUP_MASK_BPF_DEVICES; - /* BPF pinned prog (always supported by cgroup v2) */ - mask |= CGROUP_MASK_BPF_FOREIGN; + /* BPF pinned prog */ + if (bpf_program_supported() > 0) + mask |= CGROUP_MASK_BPF_FOREIGN; /* BPF-based bind{4|6} hooks */ r = bpf_socket_bind_supported(); diff --git a/src/test/test-bpf-foreign-programs.c b/src/test/test-bpf-foreign-programs.c index 658746afa06..3128b26b8eb 100644 --- a/src/test/test-bpf-foreign-programs.c +++ b/src/test/test-bpf-foreign-programs.c @@ -279,8 +279,9 @@ int main(int argc, char *argv[]) { if (detect_container() > 0) return log_tests_skipped("test-bpf fails inside LXC and Docker containers: https://github.com/systemd/systemd/issues/9666"); - if (getuid() != 0) - return log_tests_skipped("not running as root"); + r = bpf_program_supported(); + if (r < 0) + return log_tests_skipped_errno(r, "not running as root"); ASSERT_OK(getrlimit(RLIMIT_MEMLOCK, &rl)); rl.rlim_cur = rl.rlim_max = MAX(rl.rlim_max, CAN_MEMLOCK_SIZE);