From 58f1bd9b4ab889d0378a236d759649d4b45395f9 Mon Sep 17 00:00:00 2001
From: Lennart Poettering
Date: Wed, 11 Oct 2023 11:22:49 +0200
Subject: [PATCH] bpf-lsm: suppress noisy debug log message if we remove a unit from the bpf-lsm table where it was never added

There's really no point in logging about one of the most common cases we have: that no BPF-LSM policy was installed for a specific unit.
---
 src/core/bpf-lsm.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/core/bpf-lsm.c b/src/core/bpf-lsm.c
index 5f614ead040..22200bd9393 100644
--- a/src/core/bpf-lsm.c
+++ b/src/core/bpf-lsm.c
@@ -228,11 +228,14 @@ int lsm_bpf_cleanup(const Unit *u) {
 if (!u->manager->restrict_fs)
 return 0;
 
+ if (u->cgroup_id == 0)
+ return 0;
+
 int fd = sym_bpf_map__fd(u->manager->restrict_fs->maps.cgroup_hash);
 if (fd < 0)
 return log_unit_error_errno(u, errno, "bpf-lsm: Failed to get BPF map fd: %m");
 
- if (sym_bpf_map_delete_elem(fd, &u->cgroup_id) != 0)
+ if (sym_bpf_map_delete_elem(fd, &u->cgroup_id) != 0 && errno != ENOENT)
 return log_unit_debug_errno(u, errno, "bpf-lsm: Failed to delete cgroup entry from LSM BPF map: %m");
 
 return 0;
-- 
2.47.3
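Review bot: The two new early-outs in lsm_bpf_cleanup() carry no comment, yet each encodes an assumption the code does not show: that `u->cgroup_id == 0` means the unit never had a cgroup ID assigned (inferred from the commit message, not visible in the hunk), and that ENOENT from the delete is the benign "never added" case. Because this map appears to hold the per-cgroup restrict_fs policy entries, a reader should be able to see at a glance that only ENOENT is ignored and every other errno still reaches the log and is returned. I would add `/* No cgroup ID assigned, hence nothing of ours can be in the map */` above the new guard and `/* ENOENT: no policy entry was ever installed for this cgroup, nothing to remove */` above the delete call. The function body starts and ends outside this hunk.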