projects / kconfig-hardened-check.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Fix the reason and decision of the BPF_JIT check
[kconfig-hardened-check.git] / kernel_hardening_checker / checks.py
diff --git a/kernel_hardening_checker/checks.py b/kernel_hardening_checker/checks.py
index 9093b9b014d89e41b583512b47bb2b2e5ec20795..a1fb941ea5dbd5c7710d245cafe02339095c6f31 100644 (file)
--- a/kernel_hardening_checker/checks.py
+++ b/kernel_hardening_checker/checks.py
@@ -667,7 +667,7 @@ def add_sysctl_checks(l, _arch):
     have_config_file = KconfigCheck('-', '-', 'LOCALVERSION', 'is present')
 
     l += [OR(SysctlCheck('self_protection', 'kspp', 'net.core.bpf_jit_harden', '2'),
-             AND(KconfigCheck('cut_attack_surface', 'kspp', 'BPF_JIT', 'is not set'),
+             AND(KconfigCheck('-', '-', 'BPF_JIT', 'is not set'),
                  have_config_file))]
 
     l += [SysctlCheck('cut_attack_surface', 'kspp', 'kernel.dmesg_restrict', '1')]
kconfig-hardened-check