From 50b8f65490555d9d12fd28991040c00a358b3b84 Mon Sep 17 00:00:00 2001
From: Patrick Schleizer
Date: Fri, 20 Dec 2019 09:59:28 -0500
Subject: [PATCH] add sanity test: count if we really processed all files
---
 usr/lib/security-misc/permission-hardening | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)
diff --git a/usr/lib/security-misc/permission-hardening b/usr/lib/security-misc/permission-hardening
index 05906ed..a7f5b7d 100755
--- a/usr/lib/security-misc/permission-hardening
+++ b/usr/lib/security-misc/permission-hardening
@@ -18,11 +18,12 @@ echo_wrapper() {
 add_nosuid_statoverride_entry() {
 fso_to_process="${fso_without_trailing_slash}/"
- counter=0
+ should_be_counter="$(find "$fso_to_process" | wc -l)"
+ counter_actual=0
 while read -r line; do
 true "line: $line"
- counter="$(( counter + 1 ))"
+ counter_actual="$(( counter_actual + 1 ))"
 arr=($line)
@@ -123,7 +124,13 @@ add_nosuid_statoverride_entry() {
 ## https://forums.whonix.org/t/kernel-hardening/7296/326
 done < <( find "$fso_to_process" -print0 | xargs -I{} -0 stat -c "%n %a %U %G" {} )
- echo "INFO: fso_to_process: '$fso_to_process' | counter: '$counter'"
+ ## Sanity test.
+ if [ ! "$should_be_counter" = "$counter_actual" ]; then
+ echo "INFO: fso_to_process: '$fso_to_process' | counter_actual : '$counter_actual'"
+ echo "INFO: fso_to_process: '$fso_to_process' | should_be_counter: '$should_be_counter'"
+ exit_code=202
+ echo "ERROR: counter does not check out." >&2
+ fi
 }
 set_file_perms() {
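Review bot: The expected count on the added `should_be_counter=` line comes from `find … | wc -l`, which counts newline characters rather than files, and the loop counts lines of `stat -c "%n …"` output, so a path containing a newline would presumably inflate both numbers equally and pass the check while the loop parses bogus lines. Counting entries independently of their names, e.g. `should_be_counter="$(find "$fso_to_process" -printf '.' | wc -c)"` (GNU find), would make such a path show up as a mismatch instead. The `| wc -l` pipeline also discards `find`'s exit status, so a traversal error that hits both walks the same way (for instance a missing or unreadable directory) yields equal counts and is not detected. The body of `add_nosuid_statoverride_entry` continues outside this hunk.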
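Review bot: The mismatch branch only sets `exit_code=202` and prints, and nothing visible in this hunk shows that `exit_code` becomes the script's exit status or stops further hardening steps, so confirm that the caller outside the hunk acts on it. The two count lines are labelled `INFO:` and go to stdout while the `ERROR:` line goes to stderr, so a log that keeps only stderr loses the numbers needed to diagnose the failure; sending them the same way, e.g. `echo "ERROR: fso_to_process: '$fso_to_process' | counter_actual: '$counter_actual' | should_be_counter: '$should_be_counter'" >&2`, keeps them together. Because the two counts come from separate `find` runs, files created or removed in between on a live tree will raise this error without any entry having been skipped, which is worth a comment next to `## Sanity test.`. The test itself reads more directly as `[ "$should_be_counter" != "$counter_actual" ]`.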