Fix typo in CAP_BPF description (#33464)

description_good and description_bad are mixed up. Disabling CAP_BPF results in the inability to load BPF, not the other way around.

diff --git a/src/analyze/analyze-security.c b/src/analyze/analyze-security.c
index 6aa67a933954587870a3eb2cc9199470e7ebfb13..9a247a085a7a7ba8ed42e1f06ca3c189d8ddd0b0 100644 (file)
--- a/src/analyze/analyze-security.c
+++ b/src/analyze/analyze-security.c
@@ -1244,8 +1244,8 @@ static const struct security_assessor security_assessor_table[] = {
         {
                 .id = "CapabilityBoundingSet=~CAP_BPF",
                 .json_field = "CapabilityBoundingSet_CAP_BPF",
-                .description_good = "Service may load BPF programs",
-                .description_bad = "Service may not load BPF programs",
+                .description_good = "Service may not load BPF programs",
+                .description_bad = "Service may load BPF programs",
                 .url = "https://www.freedesktop.org/software/systemd/man/systemd.exec.html#CapabilityBoundingSet=",
                 .weight = 25,
                 .range = 1,