diff options
| author | Auke Kok <auke-jan.h.kok@intel.com> | 2013-05-11 13:40:08 -0700 |
|---|---|---|
| committer | Auke Kok <auke-jan.h.kok@intel.com> | 2013-05-11 13:42:55 -0700 |
| commit | 9d995d54b54dcf9c776a0d88edad3b6aab3c36b5 (patch) | |
| tree | b97498e173477bac0eeea878099068cdf7f173e9 /src/core | |
| parent | a41f47abd349b55fc4077fbb69d5da7eb6663668 (diff) | |
Add support for ConditionSecurity=ima
Just as with SMACK, we don't really know if a policy has been
loaded or not, as the policy interface is write-only. Assume
therefore that if ima is present in securityfs that it is
enabled.
Update the man page to reflect that "ima" is a valid option
now as well.
Diffstat (limited to 'src/core')
| -rw-r--r-- | src/core/condition.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/src/core/condition.c b/src/core/condition.c index abed4e5bf0..4293d6d1f1 100644 --- a/src/core/condition.c +++ b/src/core/condition.c @@ -164,6 +164,8 @@ static bool test_security(const char *parameter) { #endif if (streq(parameter, "apparmor")) return access("/sys/kernel/security/apparmor/", F_OK) == 0; + if (streq(parameter, "ima")) + return access("/sys/kernel/security/ima/", F_OK) == 0; if (streq(parameter, "smack")) return access("/sys/fs/smackfs", F_OK) == 0; return false; |