Message ID | 20190727031900.7140-1-vt@altlinux.org (mailing list archive) |
---|---|
State | New, archived |
Series | [1/2] ima-evm-utils: Fix ima_verify return value on multiple files |

On Sat, 2019-07-27 at 06:18 +0300, Vitaly Chikunov wrote:
> If any tested file results in failure produce failure exit code.
> Previously exit code affected only by the last file tested.
>
> Fixes: "Allow multiple files in ima_verify"
> Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
> ---
>
> I decided not to rebase "Allow multiple files in ima_verify" to not create
> merge conflicts with "Namespace some too generic object names".

This is fine, thanks.

Mimi

diff --git a/src/evmctl.c b/src/evmctl.c index b02be8b..d33a91e 100644 --- a/src/evmctl.c +++ b/src/evmctl.c @@ -887,7 +887,7 @@ static int verify_ima(const char *file) static int cmd_verify_ima(struct command *cmd) { char *file = g_argv[optind++]; - int err; + int err, fails = 0; if (imaevm_params.keyfile) /* Support multiple public keys */ init_public_keys(imaevm_params.keyfile); @@ -903,10 +903,12 @@ static int cmd_verify_ima(struct command *cmd) do { err = verify_ima(file); + if (err) + fails++; if (!err && imaevm_params.verbose >= LOG_INFO) log_info("%s: verification is OK\n", file); } while ((file = g_argv[optind++])); - return err; + return fails > 0; } static int cmd_convert(struct command *cmd)
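
Review bot: In the second hunk, `return fails > 0;` reduces every failure to the value 1, so whatever non-zero code verify_ima() produced, which the old `return err;` passed through for the last file, no longer reaches the caller of cmd_verify_ima(). If anything downstream distinguishes those codes, consider remembering the first non-zero `err` and returning that instead. Because `fails` is only ever compared against zero, either a plain flag would be enough, or the count could be put to use by logging it after the loop so that a run over many files reports how many did not verify. A short comment above the return stating that the command fails if any file fails would also document the new contract.
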
If any tested file results in failure produce failure exit code.
Previously exit code affected only by the last file tested.

Fixes: "Allow multiple files in ima_verify"
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
---

I decided not to rebase "Allow multiple files in ima_verify" to not create
merge conflicts with "Namespace some too generic object names".

 src/evmctl.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)