[secureboot] only remove exec bit in secureboot

Address issue #4832
This commit is contained in:
Samuel Angebault 2020-06-23 11:33:44 -07:00
parent 1e81e1da8e
commit f7d43173a2

View File

@ -94,11 +94,12 @@ if $secureboot; then
else else
allowlist_file=${rootmnt}/host/$image_dir/allowlist_paths.conf allowlist_file=${rootmnt}/host/$image_dir/allowlist_paths.conf
fi fi
remove_not_in_allowlist_files "$allowlist_file" "$rw_dir" remove_not_in_allowlist_files "$allowlist_file" "$rw_dir"
fi
## Remove the executable permission for all the files in rw folder except home folder ## Remove the executable permission for all the files in rw folder except home folder
find ${rw_dir} -type f -not -path ${rw_dir}/home -exec chmod a-x {} + find ${rw_dir} -type f -not -path ${rw_dir}/home -exec chmod a-x {} +
fi
mount -n -o lowerdir=${rootmnt},upperdir=${rw_dir},workdir=${work_dir} -t overlay root-overlay ${rootmnt} mount -n -o lowerdir=${rootmnt},upperdir=${rw_dir},workdir=${work_dir} -t overlay root-overlay ${rootmnt}