[secureboot] only remove exec bit in secureboot

Address issue sonic-net#4832
Staphylo · Jun 23, 2020 · f7d4317 · f7d4317
1 parent 1e81e1d
commit f7d4317
Showing 1 changed file with 4 additions and 3 deletions.
diff --git a/files/initramfs-tools/union-mount.j2 b/files/initramfs-tools/union-mount.j2
@@ -94,11 +94,12 @@ if $secureboot; then
     else
         allowlist_file=${rootmnt}/host/$image_dir/allowlist_paths.conf
     fi
+
     remove_not_in_allowlist_files "$allowlist_file" "$rw_dir"
-fi
 
-## Remove the executable permission for all the files in rw folder except home folder
-find ${rw_dir} -type f -not -path ${rw_dir}/home -exec chmod a-x {} +
+    ## Remove the executable permission for all the files in rw folder except home folder
+    find ${rw_dir} -type f -not -path ${rw_dir}/home -exec chmod a-x {} +
+fi
 
 mount -n -o lowerdir=${rootmnt},upperdir=${rw_dir},workdir=${work_dir} -t overlay root-overlay ${rootmnt}