Improve the hackish refinement of the CONFIG_ARCH_MMAP_RND_BITS check

Don't check CONFIG_ARCH_MMAP_RND_BITS if CONFIG_ARCH_MMAP_RND_BITS_MAX
was not found.

diff --git a/kernel_hardening_checker/__init__.py b/kernel_hardening_checker/__init__.py
index 212cf620dd78dd7722e17f2a0cc59f27d4f0cb8e..7cd3957565b9f14b9e1e35a735d9fa12263c4825 100644 (file)
--- a/kernel_hardening_checker/__init__.py
+++ b/kernel_hardening_checker/__init__.py
@@ -329,6 +329,10 @@ def main():
         mmap_rnd_bits_max = parsed_kconfig_options.get('CONFIG_ARCH_MMAP_RND_BITS_MAX', None)
         if mmap_rnd_bits_max:
             override_expected_value(config_checklist, 'CONFIG_ARCH_MMAP_RND_BITS', mmap_rnd_bits_max)
+        else:
+            # remove the CONFIG_ARCH_MMAP_RND_BITS check to avoid false results
+            print('[-] Can\'t check CONFIG_ARCH_MMAP_RND_BITS without CONFIG_ARCH_MMAP_RND_BITS_MAX')
+            config_checklist[:] = [o for o in config_checklist if o.name != 'CONFIG_ARCH_MMAP_RND_BITS']
 
         # now everything is ready, perform the checks
         perform_checks(config_checklist)