mirror of
https://github.com/systemd/systemd-stable.git
synced 2024-12-23 17:34:00 +03:00
condition, man: Add support for ConditionSecurity=apparmor
Checking for the apparmor directory in securityfs means the apparmor module is loaded and enabled, and hence should suffice as a test. https://bugs.freedesktop.org/show_bug.cgi?id=63312
This commit is contained in:
parent
8337416301
commit
80f53eb595
@ -984,7 +984,8 @@
|
||||
may be used to check whether the given
|
||||
security module is enabled on the
|
||||
system. Currently the only recognized
|
||||
value is <varname>selinux</varname>.
|
||||
values are <varname>selinux</varname>
|
||||
and <varname>apparmor</varname>.
|
||||
The test may be negated by prepending
|
||||
an exclamation
|
||||
mark.</para>
|
||||
|
@ -162,6 +162,8 @@ static bool test_security(const char *parameter) {
|
||||
if (streq(parameter, "selinux"))
|
||||
return is_selinux_enabled() > 0;
|
||||
#endif
|
||||
if (streq(parameter, "apparmor"))
|
||||
return access("/sys/kernel/security/apparmor/", F_OK) == 0;
|
||||
return false;
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user