From: Alexander Popov <alex.popov@linux.com>
Date: Wed, 18 Oct 2023 07:30:36 +0000 (+0300)
Subject: Fix the reason for the 'kernel.yama.ptrace_scope' check
X-Git-Tag: v0.6.6~49
X-Git-Url: https://jxself.org/git/?a=commitdiff_plain;h=0945ed918e4c1278691b491f9dde8b2ba398e401;p=kconfig-hardened-check.git

Fix the reason for the 'kernel.yama.ptrace_scope' check
---

diff --git a/kernel_hardening_checker/checks.py b/kernel_hardening_checker/checks.py
index d1c83db..96da656 100644
--- a/kernel_hardening_checker/checks.py
+++ b/kernel_hardening_checker/checks.py
@@ -604,7 +604,6 @@ def add_sysctl_checks(l, arch):
     l += [SysctlCheck('cut_attack_surface', 'kspp', 'dev.tty.ldisc_autoload', '0')]
     l += [SysctlCheck('cut_attack_surface', 'kspp', 'kernel.unprivileged_bpf_disabled', '1')]
     l += [SysctlCheck('cut_attack_surface', 'kspp', 'kernel.kptr_restrict', '2')]
-    l += [SysctlCheck('cut_attack_surface', 'kspp', 'kernel.yama.ptrace_scope', '3')]
     l += [SysctlCheck('cut_attack_surface', 'kspp', 'dev.tty.legacy_tiocsti', '0')]
     l += [SysctlCheck('cut_attack_surface', 'kspp', 'vm.unprivileged_userfaultfd', '0')]
           # At first, it disabled unprivileged userfaultfd,
@@ -616,3 +615,4 @@ def add_sysctl_checks(l, arch):
     l += [SysctlCheck('harden_userspace', 'kspp', 'fs.protected_regular', '2')]
     l += [SysctlCheck('harden_userspace', 'kspp', 'fs.suid_dumpable', '0')]
     l += [SysctlCheck('harden_userspace', 'kspp', 'kernel.randomize_va_space', '2')]
+    l += [SysctlCheck('harden_userspace', 'kspp', 'kernel.yama.ptrace_scope', '3')]