summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorNirbheek Chauhan <nirbheek.chauhan@collabora.co.uk>2013-04-09 18:30:24 +0530
committerLennart Poettering <lennart@poettering.net>2013-05-06 21:17:37 +0200
commit80f53eb59516f87e26e3afa405c61b4eed9ffe30 (patch)
tree5d27b74325f58c694224a789d8caab8e268099c3
parent83374163014eb50ed0ecd4f18ab45e5280ce7081 (diff)
condition, man: Add support for ConditionSecurity=apparmor
Checking for the apparmor directory in securityfs means the apparmor module is loaded and enabled, and hence should suffice as a test. https://bugs.freedesktop.org/show_bug.cgi?id=63312
-rw-r--r--man/systemd.unit.xml3
-rw-r--r--src/core/condition.c2
2 files changed, 4 insertions, 1 deletions
diff --git a/man/systemd.unit.xml b/man/systemd.unit.xml
index 2f2d1a1d4a..3360a719a2 100644
--- a/man/systemd.unit.xml
+++ b/man/systemd.unit.xml
@@ -984,7 +984,8 @@
may be used to check whether the given
security module is enabled on the
system. Currently the only recognized
- value is <varname>selinux</varname>.
+ values are <varname>selinux</varname>
+ and <varname>apparmor</varname>.
The test may be negated by prepending
an exclamation
mark.</para>
diff --git a/src/core/condition.c b/src/core/condition.c
index 30199c10e3..4aa5530c36 100644
--- a/src/core/condition.c
+++ b/src/core/condition.c
@@ -162,6 +162,8 @@ static bool test_security(const char *parameter) {
if (streq(parameter, "selinux"))
return is_selinux_enabled() > 0;
#endif
+ if (streq(parameter, "apparmor"))
+ return access("/sys/kernel/security/apparmor/", F_OK) == 0;
return false;
}