From: Lennart Poettering Date: Wed, 11 Oct 2023 09:22:49 +0000 (+0200) Subject: bpf-lsm: suppress noisy debug log message if we remove a unit from the bpf-lsm table... X-Git-Tag: v255-rc1~274^2~1 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=58f1bd9b4ab889d0378a236d759649d4b45395f9;p=thirdparty%2Fsystemd.git bpf-lsm: suppress noisy debug log message if we remove a unit from the bpf-lsm table where it was never added There's really no point in logging about one of the most common cases we have: that no BPF-LSM policy was installed for a specific unit. --- diff --git a/src/core/bpf-lsm.c b/src/core/bpf-lsm.c index 5f614ead040..22200bd9393 100644 --- a/src/core/bpf-lsm.c +++ b/src/core/bpf-lsm.c @@ -228,11 +228,14 @@ int lsm_bpf_cleanup(const Unit *u) { if (!u->manager->restrict_fs) return 0; + if (u->cgroup_id == 0) + return 0; + int fd = sym_bpf_map__fd(u->manager->restrict_fs->maps.cgroup_hash); if (fd < 0) return log_unit_error_errno(u, errno, "bpf-lsm: Failed to get BPF map fd: %m"); - if (sym_bpf_map_delete_elem(fd, &u->cgroup_id) != 0) + if (sym_bpf_map_delete_elem(fd, &u->cgroup_id) != 0 && errno != ENOENT) return log_unit_debug_errno(u, errno, "bpf-lsm: Failed to delete cgroup entry from LSM BPF map: %m"); return 0;