authorLuca Boccassi <bluca@debian.org>2022-04-01 01:54:53 +0200
committerLuca Boccassi <bluca@debian.org>2022-04-01 11:42:48 +0200
commitdd51e725df9aec2847482131ef601e0215b371a0 (patch)
tree9125a6061e42323a14d88565e354b60848f0f241 /src/analyze/analyze-security.c
parentanalyze: fix offline check for 'native' syscall architecture (diff)
analyze: fix offline check for syscal filter
The deny/allow list check was inverted: if we are deny listing and the hashmap contains the syscall, then that's good. Fixes https://github.com/systemd/systemd/issues/22914
Diffstat (limited to '')
-rw-r--r--src/analyze/analyze-security.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/analyze/analyze-security.c b/src/analyze/analyze-security.c
index 61e5e71ba6..cfda6580a7 100644
--- a/src/analyze/analyze-security.c
+++ b/src/analyze/analyze-security.c
@@ -590,7 +590,7 @@ static bool syscall_names_in_filter(Hashmap *s, bool allow_list, const SyscallFi
if (id < 0)
continue;
- if (hashmap_contains(s, syscall) == allow_list) {
+ if (hashmap_contains(s, syscall) != allow_list) {
log_debug("Offending syscall filter item: %s", syscall);
if (ret_offending_syscall)
*ret_offending_syscall = syscall;
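Review bot: With `allow_list` false (deny listing) and `hashmap_contains(s, syscall)` true, the new comparison `hashmap_contains(s, syscall) != allow_list` evaluates to true, so the "Offending syscall filter item" branch is taken in exactly the case the description calls good. The same flip also stops reporting a syscall that is present in the hashmap when `allow_list` is true. Unless the offline caller passes `allow_list` with the opposite sense (the callers and the rest of `syscall_names_in_filter` are outside this hunk), this looks like it inverts a check that was already right, which would make the offline security assessment misreport how exposed a unit's syscall filter is. I would confirm the behaviour with a test covering all four combinations of contained/`allow_list`, and once the polarity is settled state it in a comment above the comparison, e.g. `/* offending if the unit permits this syscall: listed in an allow list, or missing from a deny list */`.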