From 1750e30d237e6d9cdebc6b546d0a26342828dbd1 Mon Sep 17 00:00:00 2001
From: Eugeny Shcheglov <eugenyshcheglov@gmail.com>
Date: Mon, 24 Jun 2024 21:23:50 +0300
Subject: [PATCH] Fix typo in CAP_BPF description (#33464)

description_good and description_bad are mixed up. Disabling CAP_BPF results in the inability to load BPF, not the other way around.
---
 src/analyze/analyze-security.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/analyze/analyze-security.c b/src/analyze/analyze-security.c
index 6aa67a9339..9a247a085a 100644
--- a/src/analyze/analyze-security.c
+++ b/src/analyze/analyze-security.c
@@ -1244,8 +1244,8 @@ static const struct security_assessor security_assessor_table[] = {
         {
                 .id = "CapabilityBoundingSet=~CAP_BPF",
                 .json_field = "CapabilityBoundingSet_CAP_BPF",
-                .description_good = "Service may load BPF programs",
-                .description_bad = "Service may not load BPF programs",
+                .description_good = "Service may not load BPF programs",
+                .description_bad = "Service may load BPF programs",
                 .url = "https://www.freedesktop.org/software/systemd/man/systemd.exec.html#CapabilityBoundingSet=",
                 .weight = 25,
                 .range = 1,
-- 
2.25.1