Move warning about unsupported BPF firewall right before the firewall would be created

There's no need to warn about the firewall when parsing, because the unit might
not be started at all. Let's warn only when we're actually preparing to start
the firewall.

This changes behaviour:
- the warning is printed just once for all unit types, and not once
  for normal units and once for transient units.
- on repeat warnings, the message is not printed at all. There's already
  detailed debug info from bpf_firewall_compile(), so we don't need to repeat
  ourselves.
- when we are not root, let's say precisely that, not "lack of necessary privileges"
  and "the local system does not support BPF/cgroup firewalling".

Fixes #12673.