Skip to content

Commit 9f4f071

Browse files
committed
Move condition to only_if
Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>
1 parent f0a3f60 commit 9f4f071

1 file changed

Lines changed: 3 additions & 2 deletions

File tree

controls/sysctl_spec.rb

Lines changed: 3 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -437,8 +437,9 @@
437437
impact 1.0
438438
title 'Restrict ptrace attach to privileged users'
439439
desc 'Ensure kernel.yama.ptrace_scope is set to at least 2 so unprivileged users cannot attach ptrace to arbitrary processes.'
440-
only_if { !container_execution }
440+
# exclude SuSE because it does not have this parameter
441+
only_if { !(container_execution || os.suse?) }
441442
describe kernel_parameter('kernel.yama.ptrace_scope') do
442-
its(:value) { should eq(2).or eq(3).or eq(nil) } # include nil because SuSE does not have this parameter
443+
its(:value) { should >= 2 }
443444
end
444445
end

0 commit comments

Comments
 (0)