condition, man: Add support for ConditionSecurity=apparmor
author Nirbheek Chauhan <nirbheek.chauhan@collabora.co.uk>
Tue, 9 Apr 2013 13:00:24 +0000 (18:30 +0530)
committer Lennart Poettering <lennart@poettering.net>
Mon, 6 May 2013 19:17:37 +0000 (21:17 +0200)
Checking for the apparmor directory in securityfs means the apparmor module is
loaded and enabled, and hence should suffice as a test.

https://bugs.freedesktop.org/show_bug.cgi?id=63312

man/systemd.unit.xml
src/core/condition.c

index 2f2d1a1d4a689c4b2ff781fc09c1561748966b09..3360a719a2ba90dbe552cfc90007b3a22450a417 100644 (file)
                                 may be used to check whether the given
                                 security module is enabled on the
                                 system.  Currently the only recognized
                                 may be used to check whether the given
                                 security module is enabled on the
                                 system.  Currently the only recognized
-                                value is <varname>selinux</varname>.
+                                values are <varname>selinux</varname>
+                                and <varname>apparmor</varname>.
                                 The test may be negated by prepending
                                 an exclamation
                                 mark.</para>
                                 The test may be negated by prepending
                                 an exclamation
                                 mark.</para>
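Review bot: the reworded sentence in man/systemd.unit.xml names the two accepted values but leaves "enabled" undefined for apparmor, where the code tests only for the presence of /sys/kernel/security/apparmor/. Suggest adding one sentence stating that the apparmor test depends on securityfs being mounted at /sys/kernel/security, and another stating that any unrecognized value makes the condition fail (test_security() falls through to "return false;"), so a typo in a unit file such as "ConditionSecurity=aparmor" is understood to skip the unit rather than raise an error.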
index 30199c10e3bbbeedab5ec05d05db37cdd21b4e2b..4aa5530c3645b8ba7ddc9f01789d7e73182da366 100644 (file)
@@ -162,6 +162,8 @@ static bool test_security(const char *parameter) {
         if (streq(parameter, "selinux"))
                 return is_selinux_enabled() > 0;
 #endif
         if (streq(parameter, "selinux"))
                 return is_selinux_enabled() > 0;
 #endif
+       if (streq(parameter, "apparmor"))
+               return access("/sys/kernel/security/apparmor/", F_OK) == 0;
         return false;
 }
 
         return false;
 }
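Review bot: the added access("/sys/kernel/security/apparmor/", F_OK) test in test_security() cannot tell "AppArmor is not enabled" apart from "securityfs is not mounted at /sys/kernel/security"; both yield false with no log output. A unit gated on ConditionSecurity=apparmor would then be skipped silently if the condition is evaluated before securityfs is available, and a unit gated on the negated form would run. Suggest a comment above the check recording that it relies on securityfs being mounted first, and logging at debug level when access() fails with an errno other than ENOENT. Also note that this branch sits after the "#endif" and is compiled unconditionally, unlike the selinux branch; that seems fine since it needs no library, but a short comment saying so would save the next reader the question.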