L1TF/Linux: More fixes to /sys based hypervisor detection
We are now able to figure out whether or not we are running a hypervisor (at least potentially) via /sys, so let's actually use that information. This commit makes sure that, both when running with no options and with `--sysfs-only`, finding 'VMX' inside the L1TF sysfs vulnerability file is enough to call the system a virtualization host.
parent
e819a27939
commit
0421aea53f
|
@ -3792,9 +3792,8 @@ check_CVE_2018_3646_linux()
|
|||
has_vmm=1;
|
||||
fi
|
||||
fi
|
||||
if [ "$opt_sysfs_only" != 1 ]; then
|
||||
_info_nol "* This system is a host running a hypervisor: "
|
||||
if [ "$has_vmm" = -1 ]; then
|
||||
if [ "$has_vmm" = -1 ] && [ "$opt_sysfs_only" != 1 ]; then
|
||||
# Assumed to be running on bare metal unless evidence of vm is found.
|
||||
has_vmm=0
|
||||
# if we have the 'kvm_intel' module loaded, well, we defintely can run VMs!
|
||||
|
@ -3846,6 +3845,7 @@ check_CVE_2018_3646_linux()
|
|||
fi
|
||||
fi
|
||||
|
||||
if [ "$opt_sysfs_only" != 1 ]; then
|
||||
_info "* Mitigation 1 (KVM)"
|
||||
_info_nol " * EPT is disabled: "
|
||||
if [ "$opt_live" = 1 ]; then
|
||||
|
|