X-Git-Url: https://jxself.org/git/?a=blobdiff_plain;f=kconfig_hardened_check%2F__init__.py;h=fe69e1e8d0bbaa69b00741bd63de90f80ee0e8b5;hb=4c7a125eb7a2fe97c5b3e81dad4768b45d915d0a;hp=ca593db5f7b3582f13a292e12391b6f10678004e;hpb=75143ce19a1b112186bd75e7f5cd532099cf34b1;p=kconfig-hardened-check.git
diff --git a/kconfig_hardened_check/__init__.py b/kconfig_hardened_check/__init__.py
index ca593db..fe69e1e 100644
--- a/kconfig_hardened_check/__init__.py
+++ b/kconfig_hardened_check/__init__.py
@@ -41,6 +41,7 @@
 # kernel.kexec_load_disabled=1
 # kernel.yama.ptrace_scope=3
 # user.max_user_namespaces=0
+# what about bpf_jit_enable?
 # kernel.unprivileged_bpf_disabled=1
 # net.core.bpf_jit_harden=2
 #
@@ -492,7 +493,6 @@ def construct_checklist(l, arch):
 l += [OptCheck('cut_attack_surface', 'my', 'IP_DCCP', 'is not set')]
 l += [OptCheck('cut_attack_surface', 'my', 'IP_SCTP', 'is not set')]
 l += [OptCheck('cut_attack_surface', 'my', 'FTRACE', 'is not set')] # refers to LOCKDOWN
- l += [OptCheck('cut_attack_surface', 'my', 'BPF_JIT', 'is not set')]
 l += [OptCheck('cut_attack_surface', 'my', 'VIDEO_VIVID', 'is not set')]
 l += [OptCheck('cut_attack_surface', 'my', 'INPUT_EVBUG', 'is not set')] # Can be used as a keylogger
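Review bot: The open question `# what about bpf_jit_enable?` sits in a list whose other entries are concrete sysctl values, so a reader cannot tell whether any setting is being recommended for it. Since the second hunk also drops the `BPF_JIT` 'is not set' check from construct_checklist, this comment and `net.core.bpf_jit_harden=2` appear to be the only JIT guidance left in the visible code, and the comment should state what is undecided. I would write it as `# TODO: net.core.bpf_jit_enable - 0 turns the JIT off; fixed to 1 when BPF_JIT_ALWAYS_ON is set; 2 (debug dump) is not for production`. The surrounding comment block starts and ends outside the hunk.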