core: only warn about BPF/cgroup missing once per runtime (#7319)

Let's reduce the amount of noise a bit, there's little point in complaining loudly about every single unit like this, let's complain only about the first one, and then downgrade the log level to LOG_DEBUG for the other cases. Fixes: #7188
2017-11-13 22:02:51 +01:00 · 2017-11-13 22:02:51 +01:00 · ab8519c28b
parent 9c6888ac45
commit ab8519c28b
2 changed files with 18 additions and 6 deletions
--- a/src/core/dbus-cgroup.c
+++ b/src/core/dbus-cgroup.c
@ -1409,9 +1409,15 @@ int bus_cgroup_set_property(
                                r = bpf_firewall_supported();
                                if (r < 0)
                                        return r;
-                                if (r == 0)
-                                        log_warning("Transient unit %s configures an IP firewall, but the local system does not support BPF/cgroup firewalling.\n"
-                                                    "Proceeding WITHOUT firewalling in effect!", u->id);
+                                if (r == 0) {
+                                        static bool warned = false;
+
+                                        log_full(warned ? LOG_DEBUG : LOG_WARNING,
+                                                 "Transient unit %s configures an IP firewall, but the local system does not support BPF/cgroup firewalling.\n"
+                                                 "Proceeding WITHOUT firewalling in effect! (This warning is only shown for the first started transient unit using IP firewalling.)", u->id);
+
+                                        warned = true;
+                                }
                        }
                }

--- a/src/core/ip-address-access.c
+++ b/src/core/ip-address-access.c
@ -155,9 +155,15 @@ int config_parse_ip_address_access(
                r = bpf_firewall_supported();
                if (r < 0)
                        return r;
-                if (r == 0)
-                        log_warning("File %s:%u configures an IP firewall (%s=%s), but the local system does not support BPF/cgroup based firewalling.\n"
-                                    "Proceeding WITHOUT firewalling in effect!", filename, line, lvalue, rvalue);
+                if (r == 0) {
+                        static bool warned = false;
+
+                        log_full(warned ? LOG_DEBUG : LOG_WARNING,
+                                 "File %s:%u configures an IP firewall (%s=%s), but the local system does not support BPF/cgroup based firewalling.\n"
+                                 "Proceeding WITHOUT firewalling in effect! (This warning is only shown for the first loaded unit using IP firewalling.)", filename, line, lvalue, rvalue);
+
+                        warned = true;
+                }
        }

        return 0;