From 5247b078711dbab3bf40eba059b74d2c903046cc Mon Sep 17 00:00:00 2001
From: Martin Schurz <Martin.Schurz@t-systems.com>
Date: Mon, 11 Jul 2022 12:05:53 +0200
Subject: [PATCH] fix handling of sysctl fs.protected_fifos and
 fs.protected_regular

our solution with cmp for fs.protected_fifos did not work. Checking for
all possible values combined with an `or` seems more reasonable here.

Also both sysctl parameters are not available in RHEL7. The chosen
solution seems to be the least complex, that also works on all systems.

Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
---
 controls/sysctl_spec.rb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/controls/sysctl_spec.rb b/controls/sysctl_spec.rb
index 2afca30..8dae330 100644
--- a/controls/sysctl_spec.rb
+++ b/controls/sysctl_spec.rb
@@ -414,13 +414,13 @@
   desc 'Protects against common exploits in regards to links, fifos and regular files created or controlled by attackers'
   only_if { !container_execution }
   describe kernel_parameter('fs.protected_fifos') do
-    its(:value) { should match cmp(/(1|2)/) }
+    its(:value) { should eq(1).or eq(2).or eq(nil) } # include nil because RHEL7 does not have this parameter
   end
   describe kernel_parameter('fs.protected_hardlinks') do
     its(:value) { should eq 1 }
   end
   describe kernel_parameter('fs.protected_regular') do
-    its(:value) { should eq 2 }
+    its(:value) { should eq(2).or eq(nil) } # include nil because RHEL7 does not have this parameter
   end
   describe kernel_parameter('fs.protected_symlinks') do
     its(:value) { should eq 1 }