bpf-firewall: attach with BPF_F_ALLOW_MULTI if kernel supports

Reduced version of [0].

Use the BPF_F_ALLOW_MULTI attach flag for bpf-firewall if the kernel
supports it.

Aside from addressing the security issue in [0], attaching with 'multi'
allows further attaching of cgroup egress and ingress hooks specified by
BPFProgram=.

[0] https://github.com/systemd/systemd/pull/17495/commits/4e42210d40f96e185a55d43041dd6b962ea830dd

(cherry picked from commit a442ccb4ebdbc3a9ff9d4504eb9724092149fd42)
(cherry picked from commit 0af3810d4b1c8bb4f0683758f47e042e8cb76972)