[secureboot] only remove exec bit in secureboot (#4836)

Address issue #4832
2020-06-25 10:07:50 -07:00 · 2020-06-25 10:07:50 -07:00 · 719c8e68c8
commit 719c8e68c8
parent de07029352 f7d43173a2
1 changed files with 5 additions and 4 deletions
--- a/files/initramfs-tools/union-mount.j2
+++ b/files/initramfs-tools/union-mount.j2
@ -94,11 +94,12 @@ if $secureboot; then
    else
        allowlist_file=${rootmnt}/host/$image_dir/allowlist_paths.conf
    fi
-    remove_not_in_allowlist_files "$allowlist_file" "$rw_dir"
-fi

-## Remove the executable permission for all the files in rw folder except home folder
-find ${rw_dir} -type f -not -path ${rw_dir}/home -exec chmod a-x {} +
+    remove_not_in_allowlist_files "$allowlist_file" "$rw_dir"
+
+    ## Remove the executable permission for all the files in rw folder except home folder
+    find ${rw_dir} -type f -not -path ${rw_dir}/home -exec chmod a-x {} +
+fi

 mount -n -o lowerdir=${rootmnt},upperdir=${rw_dir},workdir=${work_dir} -t overlay root-overlay ${rootmnt}