analyze: CAP_RAWIO -> CAP_SYS_RAWIO

author Anita Zhang <the.anitazha@gmail.com>

Thu, 16 Jul 2020 18:36:28 +0000 (11:36 -0700)

committer Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>

Thu, 16 Jul 2020 19:14:59 +0000 (21:14 +0200)
author Anita Zhang <the.anitazha@gmail.com>
Thu, 16 Jul 2020 18:36:28 +0000 (11:36 -0700)
committer Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Thu, 16 Jul 2020 19:14:59 +0000 (21:14 +0200)
diff --git a/src/analyze/analyze-security.c b/src/analyze/analyze-security.c

index 441fb0075c8c72266f9707a5aad6020f5297f5d5..d4996c3c6552f477d5c5d80241ffb651373dbfef 100644 (file)
--- a/src/analyze/analyze-security.c
+++ b/src/analyze/analyze-security.c
@@ -914,7 +914,7 @@ static const struct security_assessor security_assessor_table[] = {
                  .parameter = (UINT64_C(1) << CAP_NET_ADMIN),
          },
          {
-                .id = "CapabilityBoundingSet=~CAP_RAWIO",
+                .id = "CapabilityBoundingSet=~CAP_SYS_RAWIO",
                  .description_good = "Service has no raw I/O access",
                  .description_bad = "Service has raw I/O access",
                  .url = "https://www.freedesktop.org/software/systemd/man/systemd.exec.html#CapabilityBoundingSet=",
author	Anita Zhang <the.anitazha@gmail.com>
	Thu, 16 Jul 2020 18:36:28 +0000 (11:36 -0700)
committer	Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
	Thu, 16 Jul 2020 19:14:59 +0000 (21:14 +0200)