Checking for the apparmor directory in securityfs means the apparmor module is
loaded and enabled, and hence should suffice as a test.
https://bugs.freedesktop.org/show_bug.cgi?id=63312
may be used to check whether the given
security module is enabled on the
system. Currently the only recognized
- value is <varname>selinux</varname>.
+ values are <varname>selinux</varname>
+ and <varname>apparmor</varname>.
The test may be negated by prepending
an exclamation
mark.</para>
if (streq(parameter, "selinux"))
return is_selinux_enabled() > 0;
#endif
+ if (streq(parameter, "apparmor"))
+ return access("/sys/kernel/security/apparmor/", F_OK) == 0;
return false;
}