Fix the reason and decision of the BPF_JIT check

author Alexander Popov <alex.popov@linux.com>

Thu, 2 May 2024 11:52:27 +0000 (14:52 +0300)

committer Alexander Popov <alex.popov@linux.com>

Thu, 2 May 2024 11:52:27 +0000 (14:52 +0300)
author Alexander Popov <alex.popov@linux.com>
Thu, 2 May 2024 11:52:27 +0000 (14:52 +0300)
committer Alexander Popov <alex.popov@linux.com>
Thu, 2 May 2024 11:52:27 +0000 (14:52 +0300)
diff --git a/kernel_hardening_checker/checks.py b/kernel_hardening_checker/checks.py

index 9093b9b014d89e41b583512b47bb2b2e5ec20795..a1fb941ea5dbd5c7710d245cafe02339095c6f31 100644 (file)
--- a/kernel_hardening_checker/checks.py
+++ b/kernel_hardening_checker/checks.py
@@ -667,7 +667,7 @@ def add_sysctl_checks(l, _arch):
      have_config_file = KconfigCheck('-', '-', 'LOCALVERSION', 'is present')
  
      l += [OR(SysctlCheck('self_protection', 'kspp', 'net.core.bpf_jit_harden', '2'),
-             AND(KconfigCheck('cut_attack_surface', 'kspp', 'BPF_JIT', 'is not set'),
+             AND(KconfigCheck('-', '-', 'BPF_JIT', 'is not set'),
                   have_config_file))]
  
      l += [SysctlCheck('cut_attack_surface', 'kspp', 'kernel.dmesg_restrict', '1')]
author	Alexander Popov <alex.popov@linux.com>
	Thu, 2 May 2024 11:52:27 +0000 (14:52 +0300)
committer	Alexander Popov <alex.popov@linux.com>
	Thu, 2 May 2024 11:52:27 +0000 (14:52 +0300)