From f7d43173a2cddd714ecd5f71fd1b26119185476d Mon Sep 17 00:00:00 2001
From: Samuel Angebault
Date: Tue, 23 Jun 2020 11:33:44 -0700
Subject: [PATCH] [secureboot] only remove exec bit in secureboot

Address issue #4832
---
 files/initramfs-tools/union-mount.j2 | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/files/initramfs-tools/union-mount.j2 b/files/initramfs-tools/union-mount.j2
index a335e81e194c..ea43eddb9dc3 100644
--- a/files/initramfs-tools/union-mount.j2
+++ b/files/initramfs-tools/union-mount.j2
@@ -94,11 +94,12 @@ if $secureboot; then
 else
 allowlist_file=${rootmnt}/host/$image_dir/allowlist_paths.conf
 fi
+
 remove_not_in_allowlist_files "$allowlist_file" "$rw_dir"
-fi
-## Remove the executable permission for all the files in rw folder except home folder
-find ${rw_dir} -type f -not -path ${rw_dir}/home -exec chmod a-x {} +
+ ## Remove the executable permission for all the files in rw folder except home folder
+ find ${rw_dir} -type f -not -path ${rw_dir}/home -exec chmod a-x {} +
+fi
 mount -n -o lowerdir=${rootmnt},upperdir=${rw_dir},workdir=${work_dir} -t overlay root-overlay ${rootmnt}
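Review bot: The `-not -path ${rw_dir}/home` test on the moved `find` line does not exempt the home folder as the comment above it says. It matches only the exact path `${rw_dir}/home`, which is a directory and is already excluded by `-type f`, so files below home still lose their exec bit. Since this now runs only under secure boot, it is worth stating which behaviour is intended. If home should be skipped, use `find "${rw_dir}" -path "${rw_dir}/home" -prune -o -type f -exec chmod a-x {} +`; if every file in the rw layer should be stripped, drop the test and reword the comment. The expansions on that line are also unquoted, so a `rw_dir` containing whitespace or glob characters would be split or expanded before `find` sees it. The enclosing `if $secureboot; then` block starts outside the hunk.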