| Message ID | 20190707234837.4866-5-vt@altlinux.org (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | ima-evm-utils: Assorted fixes and improvements | expand |
Mimi, On Mon, Jul 08, 2019 at 02:48:36AM +0300, Vitaly Chikunov wrote: > This allows testing multiple verify in a row, similar to ima_measurement. > > Signed-off-by: Vitaly Chikunov <vt@altlinux.org> > --- > src/evmctl.c | 8 +++++--- > 1 file changed, 5 insertions(+), 3 deletions(-) > > diff --git a/src/evmctl.c b/src/evmctl.c > index fac593a..7ce2022 100644 > --- a/src/evmctl.c > +++ b/src/evmctl.c > @@ -850,9 +850,11 @@ static int cmd_verify_ima(struct command *cmd) > return -1; > } > > - err = verify_ima(file); > - if (!err && params.verbose >= LOG_INFO) > - log_info("%s: verification is OK\n", file); > + do { > + err = verify_ima(file); > + if (!err && params.verbose >= LOG_INFO) > + log_info("%s: verification is OK\n", file); > + } while ((file = g_argv[optind++])); Currently `err' is affected only by the last verified file. But I think value of err should be affected by results from all files. But how? Should we AND verification results or OR? I think it should be ANDed and will send new version of this patch. Thanks, > return err; > } > > -- > 2.11.0
diff --git a/src/evmctl.c b/src/evmctl.c index fac593a..7ce2022 100644 --- a/src/evmctl.c +++ b/src/evmctl.c @@ -850,9 +850,11 @@ static int cmd_verify_ima(struct command *cmd) return -1; } - err = verify_ima(file); - if (!err && params.verbose >= LOG_INFO) - log_info("%s: verification is OK\n", file); + do { + err = verify_ima(file); + if (!err && params.verbose >= LOG_INFO) + log_info("%s: verification is OK\n", file); + } while ((file = g_argv[optind++])); return err; }
This allows testing multiple verify in a row, similar to ima_measurement. Signed-off-by: Vitaly Chikunov <vt@altlinux.org> --- src/evmctl.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-)