cgroup: make unit_get_needs_bpf_firewall() static too

2018-11-21 17:44:14 +01:00 · 2018-11-21 17:44:14 +01:00 · 1649244588
parent 53aea74a60
commit 1649244588
2 changed files with 28 additions and 30 deletions
--- a/src/core/cgroup.c
+++ b/src/core/cgroup.c
@ -1195,6 +1195,34 @@ static void cgroup_context_apply(
                cgroup_apply_firewall(u);
 }

+static bool unit_get_needs_bpf_firewall(Unit *u) {
+        CGroupContext *c;
+        Unit *p;
+        assert(u);
+
+        c = unit_get_cgroup_context(u);
+        if (!c)
+                return false;
+
+        if (c->ip_accounting ||
+            c->ip_address_allow ||
+            c->ip_address_deny)
+                return true;
+
+        /* If any parent slice has an IP access list defined, it applies too */
+        for (p = UNIT_DEREF(u->slice); p; p = UNIT_DEREF(p->slice)) {
+                c = unit_get_cgroup_context(p);
+                if (!c)
+                        return false;
+
+                if (c->ip_address_allow ||
+                    c->ip_address_deny)
+                        return true;
+        }
+
+        return false;
+}
+
 static CGroupMask cgroup_context_get_mask(CGroupContext *c) {
        CGroupMask mask = 0;

@ -1356,34 +1384,6 @@ CGroupMask unit_get_enable_mask(Unit *u) {
        return mask;
 }

-bool unit_get_needs_bpf_firewall(Unit *u) {
-        CGroupContext *c;
-        Unit *p;
-        assert(u);
-
-        c = unit_get_cgroup_context(u);
-        if (!c)
-                return false;
-
-        if (c->ip_accounting ||
-            c->ip_address_allow ||
-            c->ip_address_deny)
-                return true;
-
-        /* If any parent slice has an IP access list defined, it applies too */
-        for (p = UNIT_DEREF(u->slice); p; p = UNIT_DEREF(p->slice)) {
-                c = unit_get_cgroup_context(p);
-                if (!c)
-                        return false;
-
-                if (c->ip_address_allow ||
-                    c->ip_address_deny)
-                        return true;
-        }
-
-        return false;
-}
-
 /* Recurse from a unit up through its containing slices, propagating
 * mask bits upward. A unit is also member of itself. */
 void unit_update_cgroup_members_masks(Unit *u) {
--- a/src/core/cgroup.h
+++ b/src/core/cgroup.h
@ -155,8 +155,6 @@ CGroupMask unit_get_subtree_mask(Unit *u);
 CGroupMask unit_get_target_mask(Unit *u);
 CGroupMask unit_get_enable_mask(Unit *u);

-bool unit_get_needs_bpf_firewall(Unit *u);
-
 void unit_update_cgroup_members_masks(Unit *u);

 const char *unit_get_realized_cgroup_path(Unit *u, CGroupMask mask);