core: use the same test as upstart for apparmor
authorNirbheek Chauhan <nirbheek.chauhan@gmail.com>
Wed, 29 May 2013 19:38:04 +0000 (15:38 -0400)
committerZbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Thu, 30 May 2013 04:43:39 +0000 (00:43 -0400)
Lennart:
> Hmm, I just noticed this patch:
>
> https://code.launchpad.net/~mdeslaur/upstart/apparmor-support/+merge/164169
>
> It contains a different check for AppArmor. Basically something like this:
>
> /sys/module/apparmor/parameters/enabled == 'Y'
>
> I'd prefer if we could change our code to do the same, given that
> the Ubuntu guys are upstream for apparmor.

https://bugs.freedesktop.org/show_bug.cgi?id=63312

src/core/condition.c

index 4293d6d1f190e7b386d2fa4e0a61d6f669283756..b2617ef5bfe2f9c9678dcd51d1708e690974002c 100644 (file)
@@ -157,13 +157,24 @@ static bool test_virtualization(const char *parameter) {
         return v > 0 && streq(parameter, id);
 }
 
+static bool test_apparmor_enabled(void) {
+        int r;
+        _cleanup_free_ char *p = NULL;
+
+        r = read_one_line_file("/sys/module/apparmor/parameters/enabled", &p);
+        if (r < 0)
+                return false;
+
+        return parse_boolean(p) > 0;
+}
+
 static bool test_security(const char *parameter) {
 #ifdef HAVE_SELINUX
         if (streq(parameter, "selinux"))
                 return is_selinux_enabled() > 0;
 #endif
         if (streq(parameter, "apparmor"))
-                return access("/sys/kernel/security/apparmor/", F_OK) == 0;
+                return test_apparmor_enabled();
         if (streq(parameter, "ima"))
                 return access("/sys/kernel/security/ima/", F_OK) == 0;
         if (streq(parameter, "smack"))
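Review bot: test_apparmor_enabled() returns false for every read_one_line_file() failure, so a missing parameter file (no AppArmor) cannot be told apart from an allocation or permission error, and the apparmor branch of test_security() then reports the LSM as absent with no trace. Presumably a unit gated on this condition would be skipped silently in that case, which matters if the unit loads or depends on confinement profiles. Consider logging the unexpected case before returning, e.g. `if (r < 0 && r != -ENOENT) log_debug("Failed to read AppArmor enabled parameter: %s", strerror(-r));`. A comment above the function would also help, such as `/* Same test as upstart: the module parameter, not the securityfs directory, tells whether AppArmor is enabled */`. test_security() continues past the end of the hunk.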