X-Git-Url: https://jxself.org/git/?a=blobdiff_plain;f=kernel_hardening_checker%2Fchecks.py;h=fa2de4240e244ead8c9d0e90ea977095d1f50216;hb=22314345541d97b8f095aec733ef44620ba54801;hp=9cb414ee1d3742da755a16d1dee54980a242d479;hpb=6d15e0e643293c38de7cfbdf71149d474801b3c7;p=kconfig-hardened-check.git

diff --git a/kernel_hardening_checker/checks.py b/kernel_hardening_checker/checks.py
index 9cb414e..fa2de42 100755
--- a/kernel_hardening_checker/checks.py
+++ b/kernel_hardening_checker/checks.py
@@ -716,7 +716,7 @@ def add_sysctl_checks(l: List[ChecklistObjType], _arch: StrOrNone) -> None:
           # At first, it disabled unprivileged userfaultfd,
           # and since v5.11 it enables unprivileged userfaultfd for user-mode only.
 
-    l += [OR(SysctlCheck('cut_attack_surface', 'clipos', 'kernel.modules_disabled', '1'),
+    l += [OR(SysctlCheck('cut_attack_surface', 'kspp', 'kernel.modules_disabled', '1'),
              AND(KconfigCheck('cut_attack_surface', 'kspp', 'MODULES', 'is not set'),
                  have_kconfig))] # radical, but may be useful in some cases