From 9d995d54b54dcf9c776a0d88edad3b6aab3c36b5 Mon Sep 17 00:00:00 2001
From: Auke Kok <auke-jan.h.kok@intel.com>
Date: Sat, 11 May 2013 13:40:08 -0700
Subject: Add support for ConditionSecurity=ima

Just as with SMACK, we don't really know if a policy has been
loaded or not, as the policy interface is write-only. Assume
therefore that if ima is present in securityfs that it is
enabled.

Update the man page to reflect that "ima" is a valid option
now as well.
---
 src/core/condition.c | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'src')

diff --git a/src/core/condition.c b/src/core/condition.c
index abed4e5bf0..4293d6d1f1 100644
--- a/src/core/condition.c
+++ b/src/core/condition.c
@@ -164,6 +164,8 @@ static bool test_security(const char *parameter) {
 #endif
         if (streq(parameter, "apparmor"))
                 return access("/sys/kernel/security/apparmor/", F_OK) == 0;
+        if (streq(parameter, "ima"))
+                return access("/sys/kernel/security/ima/", F_OK) == 0;
         if (streq(parameter, "smack"))
                 return access("/sys/fs/smackfs", F_OK) == 0;
         return false;
-- 
cgit v1.2.3-54-g00ecf