From: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Date: Sat, 1 Aug 2020 09:28:09 +0000 (+0200)
Subject: analyze-security: do not assign badness to filtered-out syscalls
X-Git-Tag: v247-rc1~411^2~5
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=01ecb3674ad3650bcbb14155b2dcbd4b9f4ed57e;p=thirdparty%2Fsystemd.git

analyze-security: do not assign badness to filtered-out syscalls

Fixes #16451, https://bugzilla.redhat.com/show_bug.cgi?id=1856273.
---

diff --git a/src/analyze/analyze-security.c b/src/analyze/analyze-security.c
index d4996c3c655..5356dafbb86 100644
--- a/src/analyze/analyze-security.c
+++ b/src/analyze/analyze-security.c
@@ -566,7 +566,7 @@ static int assess_system_call_filter(
                                 b = 10;
                         } else {
                                 (void) asprintf(&d, "System call deny list defined for service, and %s is included", f->name);
-                                b = 5;
+                                b = 0;
                         }
                 }
         }