1
1
mirror of https://github.com/systemd/systemd-stable.git synced 2024-12-23 17:34:00 +03:00

condition, man: Add support for ConditionSecurity=apparmor

Checking for the apparmor directory in securityfs means the apparmor module is
loaded and enabled, and hence should suffice as a test.

https://bugs.freedesktop.org/show_bug.cgi?id=63312
This commit is contained in:
Nirbheek Chauhan 2013-04-09 18:30:24 +05:30 committed by Lennart Poettering
parent 8337416301
commit 80f53eb595
2 changed files with 4 additions and 1 deletions

View File

@ -984,7 +984,8 @@
may be used to check whether the given
security module is enabled on the
system. Currently the only recognized
value is <varname>selinux</varname>.
values are <varname>selinux</varname>
and <varname>apparmor</varname>.
The test may be negated by prepending
an exclamation
mark.</para>

View File

@ -162,6 +162,8 @@ static bool test_security(const char *parameter) {
if (streq(parameter, "selinux"))
return is_selinux_enabled() > 0;
#endif
if (streq(parameter, "apparmor"))
return access("/sys/kernel/security/apparmor/", F_OK) == 0;
return false;
}