author | Nirbheek Chauhan <nirbheek.chauhan@collabora.co.uk> | 2013-04-09 18:30:24 +0530 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2013-05-06 21:17:37 +0200 |
commit | 80f53eb59516f87e26e3afa405c61b4eed9ffe30 | |
tree | 5d27b74325f58c694224a789d8caab8e268099c3 | |
parent | 83374163014eb50ed0ecd4f18ab45e5280ce7081 | |
condition, man: Add support for ConditionSecurity=apparmor
Checking for the apparmor directory in securityfs means the apparmor module is
loaded and enabled, and hence should suffice as a test.
https://bugs.freedesktop.org/show_bug.cgi?id=63312
-rw-r--r-- | man/systemd.unit.xml | 3 |
-rw-r--r-- | src/core/condition.c | 2 |
2 files changed, 4 insertions, 1 deletions
diff --git a/man/systemd.unit.xml b/man/systemd.unit.xml index 2f2d1a1d4a..3360a719a2 100644 --- a/man/systemd.unit.xml +++ b/man/systemd.unit.xml @@ -984,7 +984,8 @@ may be used to check whether the given security module is enabled on the system. Currently the only recognized - value is <varname>selinux</varname>. + values are <varname>selinux</varname> + and <varname>apparmor</varname>. The test may be negated by prepending an exclamation mark.</para> diff --git a/src/core/condition.c b/src/core/condition.c index 30199c10e3..4aa5530c36 100644 --- a/src/core/condition.c +++ b/src/core/condition.c @@ -162,6 +162,8 @@ static bool test_security(const char *parameter) { if (streq(parameter, "selinux")) return is_selinux_enabled() > 0; #endif + if (streq(parameter, "apparmor")) + return access("/sys/kernel/security/apparmor/", F_OK) == 0; return false; } |
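Review bot: In the man/systemd.unit.xml hunk, the new text lists `apparmor` as a recognized value but does not say what "enabled" means for it. The condition.c change in this same patch only tests that /sys/kernel/security/apparmor/ exists, so the result depends on securityfs being mounted at that path when the condition is evaluated. A sentence saying so would tell unit authors why `ConditionSecurity=apparmor` can be false on a host that does use AppArmor. It is also worth documenting that the value is compared exactly and that any unrecognized string makes the condition false, since test_security() falls through to `return false;`.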
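Review bot: In the src/core/condition.c hunk, `access("/sys/kernel/security/apparmor/", F_OK) == 0` returns false whenever securityfs is not mounted at /sys/kernel/security, and the caller cannot tell that apart from AppArmor being absent. A unit that uses the negated form `ConditionSecurity=!apparmor` would then start on a system where AppArmor is in fact active. Please add a comment above the check recording the assumption from the commit message (directory present means the module is loaded and enabled) and state where the securityfs mount is guaranteed to have happened before this test runs. The new branch also sits after the `#endif`, so unlike the selinux branch it is compiled unconditionally; if that is intended, say so in the comment.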