cgroup: make sure whitelist_device() always returns a valid return value

CID 1396094
2018-10-12 18:31:30 +02:00 · 2018-10-12 18:31:30 +02:00 · b9839ac9d9
parent 48440643f7
commit b9839ac9d9
1 changed files with 7 additions and 6 deletions
--- a/src/core/cgroup.c
+++ b/src/core/cgroup.c
@ -418,8 +418,9 @@ static int whitelist_device(BPFProgram *prog, const char *path, const char *node
                if (!prog)
                        return 0;

-                cgroup_bpf_whitelist_device(prog, S_ISCHR(st.st_mode) ? BPF_DEVCG_DEV_CHAR : BPF_DEVCG_DEV_BLOCK,
-                                            major(st.st_rdev), minor(st.st_rdev), acc);
+                return cgroup_bpf_whitelist_device(prog, S_ISCHR(st.st_mode) ? BPF_DEVCG_DEV_CHAR : BPF_DEVCG_DEV_BLOCK,
+                                                   major(st.st_rdev), minor(st.st_rdev), acc);
+
        } else {
                char buf[2+DECIMAL_STR_MAX(dev_t)*2+2+4];

@ -431,11 +432,11 @@ static int whitelist_device(BPFProgram *prog, const char *path, const char *node

                r = cg_set_attribute("devices", path, "devices.allow", buf);
                if (r < 0)
-                        log_full_errno(IN_SET(r, -ENOENT, -EROFS, -EINVAL, -EACCES) ? LOG_DEBUG : LOG_WARNING,
-                                       r, "Failed to set devices.allow on %s: %m", path);
-        }
+                        return log_full_errno(IN_SET(r, -ENOENT, -EROFS, -EINVAL, -EACCES) ? LOG_DEBUG : LOG_WARNING,
+                                              r, "Failed to set devices.allow on %s: %m", path);

-        return r;
+                return 0;
+        }
 }

 static int whitelist_major(BPFProgram *prog, const char *path, const char *name, char type, const char *acc) {