condition, man: Add support for ConditionSecurity=smack

According to Documentation/security/Smack.txt:
  In keeping with the intent of Smack, configuration data is minimal
  and not strictly required. The most important configuration step is
  mounting the smackfs pseudo filesystem.
This means that checking the mount point should be enough.

diff --git a/man/systemd.unit.xml b/man/systemd.unit.xml
index 49103dad56d8610e1d3f20feb0f50a51c9d14a9c..c56837a6e53c0650645ed1d035ba132882372c90 100644 (file)
--- a/man/systemd.unit.xml
+++ b/man/systemd.unit.xml
@@ -984,8 +984,9 @@
                                 may be used to check whether the given
                                 security module is enabled on the
                                 system.  Currently the only recognized
-                                values are <varname>selinux</varname>
-                                and <varname>apparmor</varname>.
+                                values are <varname>selinux</varname>,
+                                <varname>apparmor</varname>, and
+                                <varname>smack</varname>.
                                 The test may be negated by prepending
                                 an exclamation
                                 mark.</para>

diff --git a/src/core/condition.c b/src/core/condition.c
index 4aa5530c3645b8ba7ddc9f01789d7e73182da366..16cae6d23b6555a734e903b81fac9091ef251822 100644 (file)
--- a/src/core/condition.c
+++ b/src/core/condition.c
@@ -164,6 +164,8 @@ static bool test_security(const char *parameter) {
 #endif
        if (streq(parameter, "apparmor"))
                return access("/sys/kernel/security/apparmor/", F_OK) == 0;
+       if (streq(parameter, "smack"))
+               return access("/sys/fs/smackfs", F_OK) == 0;
         return false;
 }