From 65b361e69aa6fc964ff93cac1590dfc05d59a891 Mon Sep 17 00:00:00 2001
From: Luca Boccassi
Date: Fri, 1 Apr 2022 00:54:53 +0100
Subject: [PATCH] analyze: fix offline check for syscal filter
The deny/allow list check was inverted, if we are deny listing and the hashmap contains the syscall then that's good
Fixes https://github.com/systemd/systemd/issues/22914
(cherry picked from commit dd51e725df9aec2847482131ef601e0215b371a0)
(cherry picked from commit b5dfdf0301c5042a6882fe03cb167968ba8e3ee5)
---
 src/analyze/analyze-security.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/analyze/analyze-security.c b/src/analyze/analyze-security.c
index 309e9a81b5..992b1da497 100644
--- a/src/analyze/analyze-security.c
+++ b/src/analyze/analyze-security.c
@@ -556,7 +556,7 @@ static bool syscall_names_in_filter(Set *s, bool allow_list, const SyscallFilter
 if (id < 0)
 continue;
- if (set_contains(s, syscall) == allow_list) {
+ if (set_contains(s, syscall) != allow_list) {
 log_debug("Offending syscall filter item: %s", syscall);
 if (ret_offending_syscall)
 *ret_offending_syscall = syscall;
--
2.25.1
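Review bot: The new condition `set_contains(s, syscall) != allow_list` appears to flag the very case the description calls good: with a deny list (`allow_list == false`) that contains the syscall, `true != false` is true and the branch logs "Offending syscall filter item". Assuming `s` holds the names listed in the unit's filter (its construction is outside the hunk), a syscall stays reachable when it is listed in an allow list or missing from a deny list, which is the `==` form this commit removes, so the offline mismatch may come from how `s` is populated rather than from this comparison. Whichever form is kept, a comment such as `/* a syscall is reachable if listed in an allow list or missing from a deny list */` and a test over the four list/membership combinations would keep `systemd-analyze security` from rating a hardened unit as exposed, or an exposed one as hardened. The body of syscall_names_in_filter starts and ends outside the hunk.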