From dd51e725df9aec2847482131ef601e0215b371a0 Mon Sep 17 00:00:00 2001
From: Luca Boccassi
Date: Fri, 1 Apr 2022 00:54:53 +0100
Subject: [PATCH] analyze: fix offline check for syscal filter

The deny/allow list check was inverted, if we are deny listing and the hashmap contains the syscall then that's good
Fixes https://github.com/systemd/systemd/issues/22914
---
 src/analyze/analyze-security.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/analyze/analyze-security.c b/src/analyze/analyze-security.c
index 61e5e71ba65..cfda6580a7c 100644
--- a/src/analyze/analyze-security.c
+++ b/src/analyze/analyze-security.c
@@ -590,7 +590,7 @@ static bool syscall_names_in_filter(Hashmap *s, bool allow_list, const SyscallFi
 if (id < 0)
 continue;
- if (hashmap_contains(s, syscall) == allow_list) {
+ if (hashmap_contains(s, syscall) != allow_list) {
 log_debug("Offending syscall filter item: %s", syscall);
 if (ret_offending_syscall)
 *ret_offending_syscall = syscall;
-- 
2.47.3
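Review bot: The new condition `hashmap_contains(s, syscall) != allow_list` is true when a syscall is present in a deny list (true != false) or absent from an allow list, so the "Offending syscall filter item" branch now fires for syscalls the filter blocks, which reads as the opposite of the description's "if we are deny listing and the hashmap contains the syscall then that's good". If the offline path does produce wrong results with `==`, the cause may instead lie in how `s` or `allow_list` is populated by that caller (not visible here), and flipping the operator in this helper would presumably change the verdict for every other caller as well. Because the file name suggests this result feeds a unit's security assessment, an inverted verdict would flag a tightly filtered unit and pass a permissive one, so the intended truth table should be pinned with a comment above the check, e.g. `/* offending: listed in an allow list, or missing from a deny list */`, and a test that covers both list modes. The body of syscall_names_in_filter starts and ends outside this hunk, so what follows the branch cannot be checked from here.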