From d682b3a7e7c7c2941a4d3e193f1e330dbc9fae89 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Thu, 10 Oct 2013 16:35:44 +0200
Subject: security: rework selinux, smack, ima, apparmor detection logic

Always cache the results, and bypass low-level security calls when the
respective subsystem is not enabled.
---
 src/shared/smack-util.c | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

(limited to 'src/shared/smack-util.c')

diff --git a/src/shared/smack-util.c b/src/shared/smack-util.c
index a73eaac6de..4e8cf796d3 100644
--- a/src/shared/smack-util.c
+++ b/src/shared/smack-util.c
@@ -21,16 +21,21 @@
   along with systemd; If not, see <http://www.gnu.org/licenses/>.
 ***/
 
-#include "smack-util.h"
-
 #include <unistd.h>
 
-static int use_smack_cached = -1;
+#include "smack-util.h"
 
 bool use_smack(void) {
 
+#ifdef HAVE_SMACK
+        static int use_smack_cached = -1;
+
         if (use_smack_cached < 0)
-                use_smack_cached = (access("/sys/fs/smackfs", F_OK) >= 0);
+                use_smack_cached = access("/sys/fs/smackfs/", F_OK) >= 0;
 
         return use_smack_cached;
+#else
+        return false;
+#endif
+
 }
-- 
cgit v1.2.3-54-g00ecf