From b9839ac9d96a4f36beb7d3420d560aed3aa4fb89 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Fri, 12 Oct 2018 18:31:30 +0200
Subject: [PATCH] cgroup: make sure whitelist_device() always returns a valid
 return value

CID 1396094
---
 src/core/cgroup.c | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/src/core/cgroup.c b/src/core/cgroup.c
index 9f5e67ba22..ff5f1d5171 100644
--- a/src/core/cgroup.c
+++ b/src/core/cgroup.c
@@ -418,8 +418,9 @@ static int whitelist_device(BPFProgram *prog, const char *path, const char *node
                 if (!prog)
                         return 0;
 
-                cgroup_bpf_whitelist_device(prog, S_ISCHR(st.st_mode) ? BPF_DEVCG_DEV_CHAR : BPF_DEVCG_DEV_BLOCK,
-                                            major(st.st_rdev), minor(st.st_rdev), acc);
+                return cgroup_bpf_whitelist_device(prog, S_ISCHR(st.st_mode) ? BPF_DEVCG_DEV_CHAR : BPF_DEVCG_DEV_BLOCK,
+                                                   major(st.st_rdev), minor(st.st_rdev), acc);
+
         } else {
                 char buf[2+DECIMAL_STR_MAX(dev_t)*2+2+4];
 
@@ -431,11 +432,11 @@ static int whitelist_device(BPFProgram *prog, const char *path, const char *node
 
                 r = cg_set_attribute("devices", path, "devices.allow", buf);
                 if (r < 0)
-                        log_full_errno(IN_SET(r, -ENOENT, -EROFS, -EINVAL, -EACCES) ? LOG_DEBUG : LOG_WARNING,
-                                       r, "Failed to set devices.allow on %s: %m", path);
-        }
+                        return log_full_errno(IN_SET(r, -ENOENT, -EROFS, -EINVAL, -EACCES) ? LOG_DEBUG : LOG_WARNING,
+                                              r, "Failed to set devices.allow on %s: %m", path);
 
-        return r;
+                return 0;
+        }
 }
 
 static int whitelist_major(BPFProgram *prog, const char *path, const char *name, char type, const char *acc) {