Checking for the apparmor directory in securityfs means the apparmor module is
loaded and enabled, and hence should suffice as a test.
https://bugs.freedesktop.org/show_bug.cgi?id=63312
may be used to check whether the given
security module is enabled on the
system. Currently the only recognized
may be used to check whether the given
security module is enabled on the
system. Currently the only recognized
- value is <varname>selinux</varname>.
+ values are <varname>selinux</varname>
+ and <varname>apparmor</varname>.
The test may be negated by prepending
an exclamation
mark.</para>
The test may be negated by prepending
an exclamation
mark.</para>
if (streq(parameter, "selinux"))
return is_selinux_enabled() > 0;
#endif
if (streq(parameter, "selinux"))
return is_selinux_enabled() > 0;
#endif
+ if (streq(parameter, "apparmor"))
+ return access("/sys/kernel/security/apparmor/", F_OK) == 0;