From 9d995d54b54dcf9c776a0d88edad3b6aab3c36b5 Mon Sep 17 00:00:00 2001
From: Auke Kok <auke-jan.h.kok@intel.com>
Date: Sat, 11 May 2013 13:40:08 -0700
Subject: Add support for ConditionSecurity=ima

Just as with SMACK, we don't really know if a policy has been
loaded or not, as the policy interface is write-only. Assume
therefore that if ima is present in securityfs that it is
enabled.

Update the man page to reflect that "ima" is a valid option
now as well.
---
 man/systemd.unit.xml | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

(limited to 'man/systemd.unit.xml')

diff --git a/man/systemd.unit.xml b/man/systemd.unit.xml
index c56837a6e5..5ab988178d 100644
--- a/man/systemd.unit.xml
+++ b/man/systemd.unit.xml
@@ -983,9 +983,10 @@
                                 <para><varname>ConditionSecurity=</varname>
                                 may be used to check whether the given
                                 security module is enabled on the
-                                system.  Currently the only recognized
+                                system. Currently the recognized values
                                 values are <varname>selinux</varname>,
-                                <varname>apparmor</varname>, and
+                                <varname>apparmor</varname>,
+                                <varname>ima</varname> and
                                 <varname>smack</varname>.
                                 The test may be negated by prepending
                                 an exclamation
-- 
cgit v1.2.3-54-g00ecf