From: Alexander Popov
Date: Sun, 16 Jun 2024 05:48:52 +0000 (+0300)
Subject: Update the 'kernel.modules_disabled' check
X-Git-Url: https://jxself.org/git/?a=commitdiff_plain;h=22314345541d97b8f095aec733ef44620ba54801;hp=6d15e0e643293c38de7cfbdf71149d474801b3c7;p=kconfig-hardened-check.git

Update the 'kernel.modules_disabled' check
---

diff --git a/kernel_hardening_checker/checks.py b/kernel_hardening_checker/checks.py
index 9cb414e..fa2de42 100755
--- a/kernel_hardening_checker/checks.py
+++ b/kernel_hardening_checker/checks.py
@@ -716,7 +716,7 @@ def add_sysctl_checks(l: List[ChecklistObjType], _arch: StrOrNone) -> None:
 # At first, it disabled unprivileged userfaultfd,
 # and since v5.11 it enables unprivileged userfaultfd for user-mode only.
- l += [OR(SysctlCheck('cut_attack_surface', 'clipos', 'kernel.modules_disabled', '1'),
+ l += [OR(SysctlCheck('cut_attack_surface', 'kspp', 'kernel.modules_disabled', '1'),
 AND(KconfigCheck('cut_attack_surface', 'kspp', 'MODULES', 'is not set'),
 have_kconfig))] # radical, but may be useful in some cases
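Review bot: The changed `SysctlCheck` line for `kernel.modules_disabled` has no comment telling the reader how to interpret its result, and the only nearby remark is the trailing `# radical, but may be useful in some cases`, which reads oddly next to a check now attributed to `kspp`. The sysctl is a one-way switch that cannot be cleared until reboot, and systems that use it usually set it only after the required modules are loaded. The value this check sees therefore presumably depends on when the sysctl output was collected. I would add above the line `# one-way switch, often set late in boot: collect the sysctl output after that point`, and reword or drop the "radical" remark if it was meant only for the `MODULES is not set` branch. The body of `add_sysctl_checks` starts and ends outside this hunk.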