From eb4f01db4a82a1c902d208a7b67acb8b4be0f1f6 Mon Sep 17 00:00:00 2001
From: gaoyusong
Date: Tue, 20 Dec 2022 16:43:38 +0800
Subject: [PATCH] fix error exit in dracut program

---
 initrd/dracut/load_digest_lists.sh | 45 ++++++++++++++----------------
 1 file changed, 21 insertions(+), 24 deletions(-)

diff --git a/initrd/dracut/load_digest_lists.sh b/initrd/dracut/load_digest_lists.sh
index 9d6e5d1..8cb3e84 100644
--- a/initrd/dracut/load_digest_lists.sh
+++ b/initrd/dracut/load_digest_lists.sh
@@ -1,29 +1,26 @@
 #! /bin/bash
 
-if [ ! -f /sys/kernel/security/ima/digest_list_data ]; then
- exit 0
-fi
+if [ -f /sys/kernel/security/ima/digest_list_data ]; then
+ digests_count=$(cat /sys/kernel/security/ima/digests_count)
+ if [ "$digests_count" != "0" ]; then
+ for f in $(find $NEWROOT/etc/ima/digest_lists -type f); do
+ if [ ! -f /etc/ima/digest_lists/$(basename $f) ]; then
+ process_digest_list=$(getfattr -m - -e hex -d $f \
+ 2> /dev/null | awk '{ if ($1 ~ /security.evm/) evm=1;
+ if ($1 ~ /security.ima=0x03/) ima=1; }
+ END{ if (evm || ima) print "1" }')
+ if [ -z "$process_digest_list" ]; then
+ continue
+ fi
 
-digests_count=$(cat /sys/kernel/security/ima/digests_count)
-if [ "$digests_count" = "0" ]; then
- exit 0
+ format=$(echo $f | cut -d - -f 3)
+ if [ "$format" = "compact" ]; then
+ echo $f > /sys/kernel/security/ima/digest_list_data
+ else
+ upload_digest_lists add $f
+ fi
+ fi
+ done
+ fi
 fi
 
-for f in $(find $NEWROOT/etc/ima/digest_lists -type f); do
- if [ ! -f /etc/ima/digest_lists/$(basename $f) ]; then
- process_digest_list=$(getfattr -m - -e hex -d $f \
- 2> /dev/null | awk '{ if ($1 ~ /security.evm/) evm=1;
- if ($1 ~ /security.ima=0x03/) ima=1; }
- END{ if (evm || ima) print "1" }')
- if [ -z "$process_digest_list" ]; then
- continue
- fi
-
- format=$(echo $f | cut -d - -f 3)
- if [ "$format" = "compact" ]; then
- echo $f > /sys/kernel/security/ima/digest_list_data
- else
- upload_digest_lists add $f
- fi
- fi
-done
-- 
2.27.0
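Review bot: The loop moved into the new nesting still word-splits `$(find $NEWROOT/etc/ima/digest_lists -type f)` and uses `$f` unquoted at every sink, so a digest-list path containing whitespace or glob characters is split or expanded before it reaches `getfattr`, the write to `digest_list_data`, or `upload_digest_lists add`. Since these lines are all rewritten here anyway, the loop header could become `find "$NEWROOT/etc/ima/digest_lists" -type f | while IFS= read -r f; do`, with `"$f"` quoted in the body (nothing set inside the loop is read after it, so the pipeline subshell should be harmless). `format` is also cut from the full path rather than the file name, so a `-` anywhere in `$NEWROOT` shifts field 3 and would route a compact list to the other branch; `format=$(basename "$f" | cut -d - -f 3)` avoids that. Separately, `getfattr` errors go to `/dev/null`, so a missing tool in the initrd is indistinguishable from "no list carries a signature" and every list is skipped silently; a comment stating whether that is intended would help.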