author | Luca Boccassi <bluca@debian.org> | 2022-04-01 01:54:53 +0200 |
---|---|---|
committer | Luca Boccassi <bluca@debian.org> | 2022-04-01 11:42:48 +0200 |
commit | dd51e725df9aec2847482131ef601e0215b371a0 (patch) | |
tree | 9125a6061e42323a14d88565e354b60848f0f241 /src/analyze/analyze-security.c | |
parent | analyze: fix offline check for 'native' syscall architecture (diff) | |
analyze: fix offline check for syscall filter
The deny/allow list check was inverted, if we are deny listing and the
hashmap contains the syscall then that's good
Fixes https://github.com/systemd/systemd/issues/22914
Diffstat (limited to '')
-rw-r--r-- | src/analyze/analyze-security.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/analyze/analyze-security.c b/src/analyze/analyze-security.c index 61e5e71ba6..cfda6580a7 100644 --- a/src/analyze/analyze-security.c +++ b/src/analyze/analyze-security.c @@ -590,7 +590,7 @@ static bool syscall_names_in_filter(Hashmap *s, bool allow_list, const SyscallFi if (id < 0) continue; - if (hashmap_contains(s, syscall) == allow_list) { + if (hashmap_contains(s, syscall) != allow_list) { log_debug("Offending syscall filter item: %s", syscall); if (ret_offending_syscall) *ret_offending_syscall = syscall; |
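Review bot: The new condition `hashmap_contains(s, syscall) != allow_list` in syscall_names_in_filter() reads as contradicting the commit message for the deny-list case. With allow_list false and the syscall present in s, the comparison is true, so the branch logs "Offending syscall filter item" and sets *ret_offending_syscall, yet the message says that exact case is good. Either membership in s or the meaning of the "offending" branch differs from what the log text suggests, or the polarity is still wrong for one of the two modes. Please add a comment above the condition stating what membership in s means in allow-list and in deny-list mode and what the caller does with an offending syscall, and add a test for the offline path that covers both modes with a syscall present and absent, so a flipped comparison in a security assessment cannot pass unnoticed.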