condition, man: Add support for ConditionSecurity=apparmor

Checking for the apparmor directory in securityfs means the apparmor module is loaded and enabled, and hence should suffice as a test. https://bugs.freedesktop.org/show_bug.cgi?id=63312
2013-04-09 18:30:24 +05:30 · 2013-04-09 18:30:24 +05:30 · 80f53eb595
parent 8337416301
commit 80f53eb595
2 changed files with 4 additions and 1 deletions
--- a/man/systemd.unit.xml
+++ b/man/systemd.unit.xml
@ -984,7 +984,8 @@
                                may be used to check whether the given
                                security module is enabled on the
                                system.  Currently the only recognized
-                                value is <varname>selinux</varname>.
+                                values are <varname>selinux</varname>
+                                and <varname>apparmor</varname>.
                                The test may be negated by prepending
                                an exclamation
                                mark.</para>
--- a/src/core/condition.c
+++ b/src/core/condition.c
@ -162,6 +162,8 @@ static bool test_security(const char *parameter) {
        if (streq(parameter, "selinux"))
                return is_selinux_enabled() > 0;
 #endif
+	if (streq(parameter, "apparmor"))
+		return access("/sys/kernel/security/apparmor/", F_OK) == 0;
        return false;
 }