http://bugzilla.opensuse.org/show_bug.cgi?id=1187654 http://bugzilla.opensuse.org/show_bug.cgi?id=1187654#c23 Antonio Feijoo <antonio.feijoo@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Flags|needinfo? | --- Comment #23 from Antonio Feijoo <antonio.feijoo@suse.com> --- (In reply to Alberto Planas Dominguez from comment #22)
(In reply to Antonio Feijoo from comment #21)
No, with this fix if there is not any cert file in /sysroot/etc/keys/ima, no message is shown.
Uhm, I mean if RD_DEBUG was "yes" it will show "integrity: IMA x509 cert file not found: /sysroot/etc/keys/ima/*"
That part of the code is inside the loop content and is never reached if there is no file. The same structure is used in evm-enable.sh, and you don't see any "integrity: EVM x509 cert file not found" messages. Try it yourself.
for PUBKEY in "${NEWROOT}${IMAKEYSDIR}"/*; do # check for public key's existence if [ ! -f "${PUBKEY}" ]; then if [ "${RD_DEBUG}" = "yes" ]; then info "integrity: IMA x509 cert file not found: ${PUBKEY}" fi continue fi ... done
-- You are receiving this mail because: You are on the CC list for the bug.