From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Wed, 1 Dec 2021 12:34:37 +0000 (+0900)
Subject: core/restrict-netif: make restrict_network_interfaces_supported() return negative... 
X-Git-Tag: v250-rc1~97^2~2
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=3de3fd3d16c03c7785befc142ac2909d516a3253;p=thirdparty%2Fsystemd.git

core/restrict-netif: make restrict_network_interfaces_supported() return negative errno only when critical error

Other errors are handled as the functionality is not supported.

This also drops unnecessary SYNTHETIC_ERRNO().
---

diff --git a/src/core/restrict-ifaces.c b/src/core/restrict-ifaces.c
index ea8033c318c..a17c5d2bf7b 100644
--- a/src/core/restrict-ifaces.c
+++ b/src/core/restrict-ifaces.c
@@ -66,41 +66,35 @@ static int prepare_restrict_ifaces_bpf(Unit* u, bool is_allow_list,
 
 int restrict_network_interfaces_supported(void) {
         _cleanup_(restrict_ifaces_bpf_freep) struct restrict_ifaces_bpf *obj = NULL;
-        int r;
         static int supported = -1;
+        int r;
 
         if (supported >= 0)
                 return supported;
 
         r = cg_unified_controller(SYSTEMD_CGROUP_CONTROLLER);
-        if (r < 0) {
-                log_warning_errno(r, "Can't determine whether the unified hierarchy is used: %m");
-                supported = 0;
-                return supported;
-        }
+        if (r < 0)
+                return log_error_errno(r, "Can't determine whether the unified hierarchy is used: %m");
         if (r == 0) {
-                log_debug_errno(SYNTHETIC_ERRNO(EOPNOTSUPP),
-                                "Not running with unified cgroup hierarchy, BPF is not supported");
-                supported = 0;
-                return supported;
+                log_debug("Not running with unified cgroup hierarchy, BPF is not supported");
+                return supported = 0;
         }
 
         if (dlopen_bpf() < 0)
                 return false;
 
         if (!sym_bpf_probe_prog_type(BPF_PROG_TYPE_CGROUP_SKB, /*ifindex=*/0)) {
-                log_debug_errno(SYNTHETIC_ERRNO(EOPNOTSUPP),
-                                "BPF program type cgroup_skb is not supported");
-                supported = 0;
-                return supported;
+                log_debug("BPF program type cgroup_skb is not supported");
+                return supported = 0;
         }
 
         r = prepare_restrict_ifaces_bpf(NULL, true, NULL, &obj);
-        if (r < 0)
-                return log_debug_errno(r, "Failed to load BPF object: %m");
+        if (r < 0) {
+                log_debug_errno(r, "Failed to load BPF object: %m");
+                return supported = 0;
+        }
 
-        supported = bpf_can_link_program(obj->progs.sd_restrictif_i);
-        return supported;
+        return supported = bpf_can_link_program(obj->progs.sd_restrictif_i);
 }
 
 static int restrict_network_interfaces_install_impl(Unit *u) {