From: Luca Boccassi <bluca@debian.org>
Date: Thu, 31 Mar 2022 23:54:53 +0000 (+0100)
Subject: analyze: fix offline check for syscal filter
X-Git-Tag: v251-rc2~225^2
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F22926%2Fhead;p=thirdparty%2Fsystemd.git

analyze: fix offline check for syscal filter

The deny/allow list check was inverted, if we are deny listing and the
hashmap contains the syscall then that's good

Fixes https://github.com/systemd/systemd/issues/22914
---

diff --git a/src/analyze/analyze-security.c b/src/analyze/analyze-security.c
index 61e5e71ba65..cfda6580a7c 100644
--- a/src/analyze/analyze-security.c
+++ b/src/analyze/analyze-security.c
@@ -590,7 +590,7 @@ static bool syscall_names_in_filter(Hashmap *s, bool allow_list, const SyscallFi
                 if (id < 0)
                         continue;
 
-                if (hashmap_contains(s, syscall) == allow_list) {
+                if (hashmap_contains(s, syscall) != allow_list) {
                         log_debug("Offending syscall filter item: %s", syscall);
                         if (ret_offending_syscall)
                                 *ret_offending_syscall = syscall;