#include "af-list.h"
#include "alloc-util.h"
+#include "bpf-firewall.h"
#include "bus-util.h"
#include "cgroup-util.h"
#include "cgroup.h"
if (r < 0)
return r;
unit_write_drop_in_private(u, mode, name, buf);
+
+ if (*list) {
+ r = bpf_firewall_supported();
+ if (r < 0)
+ return r;
+ if (r == 0)
+ log_warning("Transient unit %s configures an IP firewall, but the local system does not support BPF/cgroup firewalling.\n"
+ "Proceeding WITHOUT firewalling in effect!", u->id);
+ }
}
return 1;
#include <stdlib.h>
#include "alloc-util.h"
+#include "bpf-firewall.h"
#include "extract-word.h"
#include "hostname-util.h"
#include "ip-address-access.h"
*list = ip_address_access_reduce(*list);
+ if (*list) {
+ r = bpf_firewall_supported();
+ if (r < 0)
+ return r;
+ if (r == 0)
+ log_warning("File %s:%u configures an IP firewall (%s=%s), but the local system does not support BPF/cgroup based firewalling.\n"
+ "Proceeding WITHOUT firewalling in effect!", filename, line, lvalue, rvalue);
+ }
+
return 0;
}
projects / platform / upstream / systemd.git / commitdiff