bpf-firewall: invert test

Following our coding style of exiting early (instead of deep nesting), let's invert the if check here. Inspired by: systemd#21602 (review)
smcv · Mar 24, 2022 · d011331 · d011331
1 parent bbd2620
commit d011331
Showing 1 changed file with 11 additions and 10 deletions.
diff --git a/src/core/bpf-firewall.c b/src/core/bpf-firewall.c
@@ -927,16 +927,17 @@ void emit_bpf_firewall_warning(Unit *u) {
         assert(u);
         assert(u->manager);
 
-        if (!warned && !MANAGER_IS_TEST_RUN(u->manager)) {
-                bool quiet = bpf_firewall_unsupported_reason == -EPERM && detect_container() > 0;
-
-                log_unit_full_errno(u, quiet ? LOG_DEBUG : LOG_WARNING, bpf_firewall_unsupported_reason,
-                                    "unit configures an IP firewall, but %s.\n"
-                                    "(This warning is only shown for the first unit using IP firewalling.)",
-                                    getuid() != 0 ? "not running as root" :
-                                                    "the local system does not support BPF/cgroup firewalling");
-                warned = true;
-        }
+        if (warned || MANAGER_IS_TEST_RUN(u->manager))
+                return;
+
+        bool quiet = ERRNO_IS_PRIVILEGE(bpf_firewall_unsupported_reason) && detect_container() > 0;
+
+        log_unit_full_errno(u, quiet ? LOG_DEBUG : LOG_WARNING, bpf_firewall_unsupported_reason,
+                            "unit configures an IP firewall, but %s.\n"
+                            "(This warning is only shown for the first unit using IP firewalling.)",
+                            getuid() != 0 ? "not running as root" :
+                            "the local system does not support BPF/cgroup firewalling");
+        warned = true;
 }
 
 void bpf_firewall_close(Unit *u) {