X-Git-Url: https://jxself.org/git/?a=blobdiff_plain;f=kconfig_hardened_check%2Fchecks.py;fp=kconfig_hardened_check%2Fchecks.py;h=fc63f3a7df593bf2ec1c4235cca04a110fe3dbba;hb=b23f245bfa6ad860692a78d4acb71933608bab32;hp=4a994e706b3d6ffd26d1213c4f5b01bdadd722d2;hpb=59f734d0799495797819a140b532b7fc1932ded2;p=kconfig-hardened-check.git
diff --git a/kconfig_hardened_check/checks.py b/kconfig_hardened_check/checks.py
index 4a994e7..fc63f3a 100644
--- a/kconfig_hardened_check/checks.py
+++ b/kconfig_hardened_check/checks.py
@@ -583,7 +583,6 @@ def add_sysctl_checks(l, arch):
 # user.max_user_namespaces=0 (for Debian, also see kernel.unprivileged_userns_clone)
 # what about bpf_jit_enable?
 # kernel.unprivileged_bpf_disabled=1
-# net.core.bpf_jit_harden=2
 # vm.unprivileged_userfaultfd=0
 # (at first, it disabled unprivileged userfaultfd,
 # and since v5.11 it enables unprivileged userfaultfd for user-mode only)
@@ -607,4 +606,7 @@ def add_sysctl_checks(l, arch):
 #
 # Calling the SysctlCheck class constructor:
 # SysctlCheck(reason, decision, name, expected)
+
+ l += [SysctlCheck('self_protection', 'kspp', 'net.core.bpf_jit_harden', '2')]
+ l += [SysctlCheck('self_protection', 'kspp', 'kernel.dmesg_restrict', '1')]
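Review bot: The new `net.core.bpf_jit_harden` check at the end of the second hunk is unconditional, but that sysctl is exposed only by kernels built with `CONFIG_BPF_JIT`, so on a kernel without the BPF JIT the name will be absent from the sysctl input. How `SysctlCheck` reports a missing name is not visible here; if absence counts as a failure, a configuration with less attack surface would be flagged as worse. I would at least record the dependency next to the check, e.g. `# net.core.bpf_jit_harden exists only with CONFIG_BPF_JIT; a missing entry means there is no JIT to harden`, and decide whether absence should pass. The first hunk drops the draft entry only for `bpf_jit_harden`; if the draft list still names `kernel.dmesg_restrict` outside the visible lines, that entry is now stale as well. The body of `add_sysctl_checks` starts outside both hunks.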