dasharo/systemd
0
0
Fork 0
mirror of https://github.com/Dasharo/systemd.git synced 2026-03-06 15:02:31 -08:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #23407 from keszybz/bpf-cleanup-warning

Browse Source 
Clean up bpf cleanup warning
This commit is contained in:
Yu Watanabe
2022-05-17 20:31:10 +09:00
committed by GitHub
parent bfd671061c ba187c9c9c
commit 1a8922ddec
4 changed files with 18 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
src/core/bpf-lsm.c
View File

@@ -125,55 +125,57 @@ static int mac_bpf_use(void) {
}
}
int lsm_bpf_supported(void) {
bool lsm_bpf_supported(bool initialize) {
_cleanup_(restrict_fs_bpf_freep) struct restrict_fs_bpf *obj = NULL;
static int supported = -1;
int r;
if (supported >= 0)
return supported;
if (!initialize)
return false;
r = dlopen_bpf();
if (r < 0) {
log_info_errno(r, "Failed to open libbpf, LSM BPF is not supported: %m");
return supported = 0;
return (supported = false);
}
r = cg_unified_controller(SYSTEMD_CGROUP_CONTROLLER);
if (r < 0) {
log_warning_errno(r, "Can't determine whether the unified hierarchy is used: %m");
return supported = 0;
return (supported = false);
}
if (r == 0) {
log_info_errno(SYNTHETIC_ERRNO(EOPNOTSUPP),
"Not running with unified cgroup hierarchy, LSM BPF is not supported");
return supported = 0;
return (supported = false);
}
r = mac_bpf_use();
if (r < 0) {
log_warning_errno(r, "Can't determine whether the BPF LSM module is used: %m");
return supported = 0;
return (supported = false);
}
if (r == 0) {
log_info_errno(SYNTHETIC_ERRNO(EOPNOTSUPP),
"BPF LSM hook not enabled in the kernel, LSM BPF not supported");
return supported = 0;
return (supported = false);
}
r = prepare_restrict_fs_bpf(&obj);
if (r < 0)
return supported = 0;
return (supported = false);
if (!bpf_can_link_lsm_program(obj->progs.restrict_filesystems)) {
log_warning_errno(SYNTHETIC_ERRNO(EOPNOTSUPP),
"Failed to link BPF program. Assuming BPF is not available");
return supported = 0;
return (supported = false);
}
return supported = 1;
return (supported = true);
}
int lsm_bpf_setup(Manager *m) {
@@ -267,7 +269,8 @@ int lsm_bpf_cleanup(const Unit *u) {
assert(u);
assert(u->manager);
if (!lsm_bpf_supported())
/* If we never successfully detected support, there is nothing to clean up. */
if (!lsm_bpf_supported(/* initialize = */ false))
return 0;
if (!u->manager->restrict_fs)
@@ -297,8 +300,8 @@ void lsm_bpf_destroy(struct restrict_fs_bpf *prog) {
restrict_fs_bpf__destroy(prog);
}
#else /* ! BPF_FRAMEWORK */
int lsm_bpf_supported(void) {
return 0;
bool lsm_bpf_supported(bool initialize) {
return false;
}
int lsm_bpf_setup(Manager *m) {

2
src/core/bpf-lsm.h
View File

@@ -14,7 +14,7 @@ typedef struct Manager Manager;
typedef struct restrict_fs_bpf restrict_fs_bpf;
int lsm_bpf_supported(void);
bool lsm_bpf_supported(bool initialize);
int lsm_bpf_setup(Manager *m);
int lsm_bpf_unit_restrict_filesystems(Unit *u, const Set *filesystems, bool allow_list);
int lsm_bpf_cleanup(const Unit *u);

2
src/core/manager.c
View File

@@ -951,7 +951,7 @@ int manager_new(LookupScope scope, ManagerTestRunFlags test_run_flags, Manager *
return r;
#if HAVE_LIBBPF
if (MANAGER_IS_SYSTEM(m) && lsm_bpf_supported()) {
if (MANAGER_IS_SYSTEM(m) && lsm_bpf_supported(/* initialize = */ true)) {
r = lsm_bpf_setup(m);
if (r < 0)
log_warning_errno(r, "Failed to setup LSM BPF, ignoring: %m");

3
src/test/test-bpf-lsm.c
View File

@@ -78,8 +78,7 @@ int main(int argc, char *argv[]) {
if (!can_memlock())
return log_tests_skipped("Can't use mlock()");
r = lsm_bpf_supported();
if (r <= 0)
if (!lsm_bpf_supported(/* initialize = */ true))
return log_tests_skipped("LSM BPF hooks are not supported");
r = enter_cgroup_subroot(NULL);