@@ -26,7 +26,7 @@ clean-local:
distclean: distclean-keys
shellcheck:
- shellcheck -i SC2086,SC2181,SC2046 \
+ shellcheck -i SC2086,SC2181,SC2046,SC2320 \
functions.sh gen-keys.sh install-fsverity.sh \
install-mount-idmapped.sh install-openssl3.sh \
install-swtpm.sh install-tss.sh softhsm_setup \
@@ -97,14 +97,12 @@ check_load_ima_rule() {
new_policy=$(mktemp -p "$g_mountpoint")
echo "$1" > "$new_policy"
- echo "$new_policy" > /sys/kernel/security/ima/policy
- result=$?
- rm -f "$new_policy"
-
- if [ "$result" -ne 0 ]; then
+ if ! echo "$new_policy" > /sys/kernel/security/ima/policy; then
+ rm -f "$new_policy"
echo "${RED}Failed to set IMA policy${NORM}"
return "$HARDFAIL"
fi
+ rm -f "$new_policy"
return "$OK"
}
@@ -80,7 +80,6 @@ METADATA_CHANGE_FOWNER_2=3002
check_load_ima_rule() {
local rule_loaded
- local result
local new_policy
rule_loaded=$(grep "$1" /sys/kernel/security/ima/policy)
@@ -88,14 +87,12 @@ check_load_ima_rule() {
new_policy=$(mktemp -p "$g_mountpoint")
echo "$1" > "$new_policy"
evmctl sign -o -a sha256 --imasig --key "$key_path" "$new_policy" &> /dev/null
- echo "$new_policy" > /sys/kernel/security/ima/policy
- result=$?
- rm -f "$new_policy"
-
- if [ "$result" -ne 0 ]; then
+ if ! echo "$new_policy" > /sys/kernel/security/ima/policy; then
+ rm -f "$new_policy"
echo "${RED}Failed to set IMA policy${NORM}"
return "$FAIL"
fi
+ rm -f "${new_policy}"
fi
return "$OK"
Address issues raised by shellcheck SC2320: "This $? refers to echo/printf, not a previous command. Assign to variable to avoid it being overwritten." Signed-off-by: Stefan Berger <stefanb@linux.ibm.com> --- tests/Makefile.am | 2 +- tests/mmap_check.test | 8 +++----- tests/portable_signatures.test | 9 +++------ 3 files changed, 7 insertions(+), 12 deletions(-)