Add support for ConditionSecurity=ima

Just as with SMACK, we don't really know if a policy has been loaded or not, as the policy interface is write-only. Assume therefore that if ima is present in securityfs that it is enabled. Update the man page to reflect that "ima" is a valid option now as well.
author: Auke Kok <auke-jan.h.kok@intel.com> 2013-05-11 13:40:08 -0700
committer: Auke Kok <auke-jan.h.kok@intel.com> 2013-05-11 13:42:55 -0700
commit: 9d995d54b54dcf9c776a0d88edad3b6aab3c36b5 (patch)
tree: b97498e173477bac0eeea878099068cdf7f173e9 /man
parent: a41f47abd349b55fc4077fbb69d5da7eb6663668 (diff)
1 files changed, 3 insertions, 2 deletions
diff --git a/man/systemd.unit.xml b/man/systemd.unit.xml
index c56837a6e5..5ab988178d 100644
--- a/man/systemd.unit.xml
+++ b/man/systemd.unit.xml
@@ -983,9 +983,10 @@
                                 <para><varname>ConditionSecurity=</varname>
                                 may be used to check whether the given
                                 security module is enabled on the
-                                system.  Currently the only recognized
+                                system. Currently the recognized values
                                 values are <varname>selinux</varname>,
-                                <varname>apparmor</varname>, and
+                                <varname>apparmor</varname>,
+                                <varname>ima</varname> and
                                 <varname>smack</varname>.
                                 The test may be negated by prepending
                                 an exclamation
author	Auke Kok <auke-jan.h.kok@intel.com>	2013-05-11 13:40:08 -0700
committer	Auke Kok <auke-jan.h.kok@intel.com>	2013-05-11 13:42:55 -0700
commit	9d995d54b54dcf9c776a0d88edad3b6aab3c36b5 (patch)
tree	b97498e173477bac0eeea878099068cdf7f173e9 /man
parent	a41f47abd349b55fc4077fbb69d5da7eb6663668 (diff)