bpf: check if lsm link ptr is libbpf error

BPF_RAW_TRACEPOINT_OPEN is expected to work only on x86 and x86_64,
since BPF trampoline is implemented only on these architectures.

Attach probing by bpf_program__attach_lsm already happens in
`bpf_lsm_supported`. The resulting pointer can store libbpf error and
that is the case for unsupported architectures.
Add libbpf error check to `bpf_lsm_supported` so execution does not
reach the point where unit startup fails.

(cherry picked from commit f409aa5c6363144c9711226319614f3b248d9828)

diff --git a/src/core/bpf-lsm.c b/src/core/bpf-lsm.c
index e0333963c5368ae61519e253d0ffb5a3552f5ab9..4ca082a0050bb62518bf50ec53a57c3f4d77b367 100644 (file)
--- a/src/core/bpf-lsm.c
+++ b/src/core/bpf-lsm.c
@@ -45,10 +45,11 @@ static bool bpf_can_link_lsm_program(struct bpf_program *prog) {
         assert(prog);
 
         link = sym_bpf_program__attach_lsm(prog);
-        if (!link)
-                return -ENOMEM;
 
-        return 1;
+        /* If bpf_program__attach_lsm fails the resulting value stores libbpf error code instead of memory
+         * pointer. That is the case when the helper is called on architectures where BPF trampoline (hence
+         * BPF_LSM_MAC attach type) is not supported. */
+        return sym_libbpf_get_error(link) == 0;
 }
 
 static int prepare_restrict_fs_bpf(struct restrict_fs_bpf **ret_obj) {