From 1bfde74ad6ce5385fbdfc2f9d99456f66d6a3f67 Mon Sep 17 00:00:00 2001
From: Mark Bolwell <mark.bollyuk@gmail.com>
Date: Thu, 27 Feb 2025 13:02:54 +0000
Subject: [PATCH] Improve logic

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
---
 tasks/section_1/cis_1.4.x.yml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/tasks/section_1/cis_1.4.x.yml b/tasks/section_1/cis_1.4.x.yml
index 004bfca..8d8c21b 100644
--- a/tasks/section_1/cis_1.4.x.yml
+++ b/tasks/section_1/cis_1.4.x.yml
@@ -57,10 +57,11 @@
         - name: "1.4.2 | PATCH | Ensure permissions on bootloader config are configured | efi based system | Build Options"
           when: item not in discovered_efi_fstab.stdout
           ansible.builtin.set_fact:
-            efi_mount_opts_addition: "{{ efi_mount_opts_addition + item + ',' }}"
+            efi_mount_opts_addition: "{{ efi_mount_opts_addition + ',' + item  }}"
           loop: "{{ efi_mount_options }}"
 
         - name: "1.4.2 | PATCH | Ensure permissions on bootloader config are configured | efi based system | Add mount options"
+          when: efi_mount_opts_addition | length > 0
           ansible.builtin.lineinfile:
             path: /etc/fstab
             regexp: (.*/boot/efi\s*\w*\s*){{ discovered_efi_fstab.stdout }}(.*)