packages/digest-list-tools
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
digest-list-tools/fix-error-exit-in-dracut-program.patch
gaoyusong a541c384b1 fix error exit in dracut program 
Signed-off-by: gaoyusong <gaoyusong2@huawei.com>
2022-12-20 17:01:13 +08:00

68 lines
2.0 KiB
Diff
Raw Permalink Blame History

From eb4f01db4a82a1c902d208a7b67acb8b4be0f1f6 Mon Sep 17 00:00:00 2001
From: gaoyusong <gaoyusong2@huawei.com>
Date: Tue, 20 Dec 2022 16:43:38 +0800
Subject: [PATCH] fix error exit in dracut program
---
initrd/dracut/load_digest_lists.sh | 45 ++++++++++++++----------------
1 file changed, 21 insertions(+), 24 deletions(-)
diff --git a/initrd/dracut/load_digest_lists.sh b/initrd/dracut/load_digest_lists.sh
index 9d6e5d1..8cb3e84 100644
--- a/initrd/dracut/load_digest_lists.sh
+++ b/initrd/dracut/load_digest_lists.sh
@@ -1,29 +1,26 @@
#! /bin/bash
-if [ ! -f /sys/kernel/security/ima/digest_list_data ]; then
- exit 0
-fi
+if [ -f /sys/kernel/security/ima/digest_list_data ]; then
+ digests_count=$(cat /sys/kernel/security/ima/digests_count)
+ if [ "$digests_count" != "0" ]; then
+ for f in $(find $NEWROOT/etc/ima/digest_lists -type f); do
+ if [ ! -f /etc/ima/digest_lists/$(basename $f) ]; then
+ process_digest_list=$(getfattr -m - -e hex -d $f \
+ 2> /dev/null | awk '{ if ($1 ~ /security.evm/) evm=1;
+ if ($1 ~ /security.ima=0x03/) ima=1; }
+ END{ if (evm || ima) print "1" }')
+ if [ -z "$process_digest_list" ]; then
+ continue
+ fi
-digests_count=$(cat /sys/kernel/security/ima/digests_count)
-if [ "$digests_count" = "0" ]; then
- exit 0
+ format=$(echo $f | cut -d - -f 3)
+ if [ "$format" = "compact" ]; then
+ echo $f > /sys/kernel/security/ima/digest_list_data
+ else
+ upload_digest_lists add $f
+ fi
+ fi
+ done
+ fi
fi
-for f in $(find $NEWROOT/etc/ima/digest_lists -type f); do
- if [ ! -f /etc/ima/digest_lists/$(basename $f) ]; then
- process_digest_list=$(getfattr -m - -e hex -d $f \
- 2> /dev/null | awk '{ if ($1 ~ /security.evm/) evm=1;
- if ($1 ~ /security.ima=0x03/) ima=1; }
- END{ if (evm || ima) print "1" }')
- if [ -z "$process_digest_list" ]; then
- continue
- fi
-
- format=$(echo $f | cut -d - -f 3)
- if [ "$format" = "compact" ]; then
- echo $f > /sys/kernel/security/ima/digest_list_data
- else
- upload_digest_lists add $f
- fi
- fi
-done
--
2.27.0
Reference in New Issue View Git Blame Copy Permalink