/* libbpf, clang and llc compile time dependencies are satisfied */
#include "bpf-dlopen.h"
#include "bpf-link.h"
+#include "bpf-util.h"
#include "bpf/restrict_fs/restrict-fs-skel.h"
#define CGROUP_HASH_SIZE_MAX 2048
if (!initialize)
return false;
- r = dlopen_bpf();
- if (r < 0) {
- log_info_errno(r, "Failed to open libbpf, LSM BPF is not supported: %m");
- return (supported = false);
- }
-
- r = cg_unified_controller(SYSTEMD_CGROUP_CONTROLLER);
- if (r < 0) {
- log_warning_errno(r, "Can't determine whether the unified hierarchy is used: %m");
+ if (!cgroup_bpf_supported())
return (supported = false);
- }
-
- if (r == 0) {
- log_info_errno(SYNTHETIC_ERRNO(EOPNOTSUPP),
- "Not running with unified cgroup hierarchy, LSM BPF is not supported");
- return (supported = false);
- }
r = mac_bpf_use();
if (r < 0) {
/* libbpf, clang, llvm and bpftool compile time dependencies are satisfied */
#include "bpf-dlopen.h"
#include "bpf-link.h"
-#include "bpf/socket_bind/socket-bind-skel.h"
+#include "bpf-util.h"
#include "bpf/socket_bind/socket-bind-api.bpf.h"
+#include "bpf/socket_bind/socket-bind-skel.h"
static struct socket_bind_bpf *socket_bind_bpf_free(struct socket_bind_bpf *obj) {
/* socket_bind_bpf__destroy handles object == NULL case */
_cleanup_(socket_bind_bpf_freep) struct socket_bind_bpf *obj = NULL;
int r;
- r = cg_unified_controller(SYSTEMD_CGROUP_CONTROLLER);
- if (r < 0)
- return log_debug_errno(r, "Can't determine whether the unified hierarchy is used: %m");
- if (r == 0) {
- log_debug("Not running with unified cgroup hierarchy, BPF is not supported");
- return false;
- }
-
- if (dlopen_bpf() < 0)
+ if (!cgroup_bpf_supported())
return false;
if (!sym_bpf_probe_prog_type(BPF_PROG_TYPE_CGROUP_SOCK_ADDR, /*ifindex=*/0)) {
--- /dev/null
+/* SPDX-License-Identifier: LGPL-2.1-or-later */
+
+#include "bpf-dlopen.h"
+#include "bpf-util.h"
+#include "cgroup-util.h"
+#include "log.h"
+
+bool cgroup_bpf_supported(void) {
+ static int supported = -1;
+ int r;
+
+ if (supported >= 0)
+ return supported;
+
+ r = cg_unified_controller(SYSTEMD_CGROUP_CONTROLLER);
+ if (r < 0) {
+ log_warning_errno(r, "Can't determine whether the unified hierarchy is used: %m");
+ return (supported = false);
+ }
+
+ if (r == 0) {
+ log_info_errno(SYNTHETIC_ERRNO(EOPNOTSUPP),
+ "Not running with unified cgroup hierarchy, disabling cgroup BPF features.");
+ return (supported = false);
+ }
+
+ r = dlopen_bpf();
+ if (r < 0) {
+ log_info_errno(r, "Failed to open libbpf, cgroup BPF features disabled: %m");
+ return (supported = false);
+ }
+
+ return (supported = true);
+}
--- /dev/null
+/* SPDX-License-Identifier: LGPL-2.1-or-later */
+
+#include <stdbool.h>
+
+bool cgroup_bpf_supported(void);
'unit.h',
)
+if conf.get('BPF_FRAMEWORK') == 1
+ libcore_sources += files(
+ 'bpf-util.c',
+ 'bpf-util.h',
+ )
+endif
+
subdir('bpf')
subdir('bpf/socket_bind')
#include "bpf-dlopen.h"
#include "bpf-link.h"
-
+#include "bpf-util.h"
#include "bpf/restrict_ifaces/restrict-ifaces-skel.h"
static struct restrict_ifaces_bpf *restrict_ifaces_bpf_free(struct restrict_ifaces_bpf *obj) {
if (supported >= 0)
return supported;
- r = cg_unified_controller(SYSTEMD_CGROUP_CONTROLLER);
- if (r < 0)
- return log_error_errno(r, "Can't determine whether the unified hierarchy is used: %m");
- if (r == 0) {
- log_debug("Not running with unified cgroup hierarchy, BPF is not supported");
- return supported = 0;
- }
-
- if (dlopen_bpf() < 0)
- return false;
+ if (!cgroup_bpf_supported())
+ return (supported = false);
if (!sym_bpf_probe_prog_type(BPF_PROG_TYPE_CGROUP_SKB, /*ifindex=*/0)) {
log_debug("BPF program type cgroup_skb is not supported");
- return supported = 0;
+ return (supported = false);
}
r = prepare_restrict_ifaces_bpf(NULL, true, NULL, &obj);
if (r < 0) {
log_debug_errno(r, "Failed to load BPF object: %m");
- return supported = 0;
+ return (supported = false);
}
- return supported = bpf_can_link_program(obj->progs.sd_restrictif_i);
+ return (supported = bpf_can_link_program(obj->progs.sd_restrictif_i));
}
static int restrict_network_interfaces_install_impl(Unit *u) {
projects / thirdparty / systemd.git / commitdiff
