From b62ee5249da92ff8960322eab770f742425831e3 Mon Sep 17 00:00:00 2001 From: Karol Lewandowski Date: Tue, 7 May 2013 13:21:46 +0200 Subject: [PATCH] condition, man: Add support for ConditionSecurity=smack According to Documentation/security/Smack.txt: In keeping with the intent of Smack, configuration data is minimal and not strictly required. The most important configuration step is mounting the smackfs pseudo filesystem. This means that checking the mount point should be enough. --- man/systemd.unit.xml | 5 +++-- src/core/condition.c | 2 ++ 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/man/systemd.unit.xml b/man/systemd.unit.xml index 49103dad56..c56837a6e5 100644 --- a/man/systemd.unit.xml +++ b/man/systemd.unit.xml @@ -984,8 +984,9 @@ may be used to check whether the given security module is enabled on the system. Currently the only recognized - values are selinux - and apparmor. + values are selinux, + apparmor, and + smack. The test may be negated by prepending an exclamation mark. diff --git a/src/core/condition.c b/src/core/condition.c index 4aa5530c36..16cae6d23b 100644 --- a/src/core/condition.c +++ b/src/core/condition.c @@ -164,6 +164,8 @@ static bool test_security(const char *parameter) { #endif if (streq(parameter, "apparmor")) return access("/sys/kernel/security/apparmor/", F_OK) == 0; + if (streq(parameter, "smack")) + return access("/sys/fs/smackfs", F_OK) == 0; return false; }