analyze: CAP_RAWIO -> CAP_SYS_RAWIO

author Anita Zhang <the.anitazha@gmail.com>

Thu, 16 Jul 2020 18:36:28 +0000 (11:36 -0700)

committer Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>

Mon, 27 Jul 2020 08:26:34 +0000 (10:26 +0200)
author Anita Zhang <the.anitazha@gmail.com>
Thu, 16 Jul 2020 18:36:28 +0000 (11:36 -0700)
committer Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Mon, 27 Jul 2020 08:26:34 +0000 (10:26 +0200)
diff --git a/src/analyze/analyze-security.c b/src/analyze/analyze-security.c

index d681251c0460ed669a1e9fab14cbc5a76bd31e71..5e7756bff2cca5ba84c36f383dcf6b4127db8bb4 100644 (file)
--- a/src/analyze/analyze-security.c
+++ b/src/analyze/analyze-security.c
@@ -913,7 +913,7 @@ static const struct security_assessor security_assessor_table[] = {
                  .parameter = (UINT64_C(1) << CAP_NET_ADMIN),
          },
          {
-                .id = "CapabilityBoundingSet=~CAP_RAWIO",
+                .id = "CapabilityBoundingSet=~CAP_SYS_RAWIO",
                  .description_good = "Service has no raw I/O access",
                  .description_bad = "Service has raw I/O access",
                  .url = "https://www.freedesktop.org/software/systemd/man/systemd.exec.html#CapabilityBoundingSet=",
author	Anita Zhang <the.anitazha@gmail.com>
	Thu, 16 Jul 2020 18:36:28 +0000 (11:36 -0700)
committer	Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
	Mon, 27 Jul 2020 08:26:34 +0000 (10:26 +0200)