condition, man: Add support for ConditionSecurity=apparmor
Checking for the apparmor directory in securityfs means the apparmor module is loaded and enabled, and hence should suffice as a test. https://bugs.freedesktop.org/show_bug.cgi?id=63312
This commit is contained in:
parent
8337416301
commit
80f53eb595
|
@ -984,7 +984,8 @@
|
||||||
may be used to check whether the given
|
may be used to check whether the given
|
||||||
security module is enabled on the
|
security module is enabled on the
|
||||||
system. Currently the only recognized
|
system. Currently the only recognized
|
||||||
value is <varname>selinux</varname>.
|
values are <varname>selinux</varname>
|
||||||
|
and <varname>apparmor</varname>.
|
||||||
The test may be negated by prepending
|
The test may be negated by prepending
|
||||||
an exclamation
|
an exclamation
|
||||||
mark.</para>
|
mark.</para>
|
||||||
|
|
|
@ -162,6 +162,8 @@ static bool test_security(const char *parameter) {
|
||||||
if (streq(parameter, "selinux"))
|
if (streq(parameter, "selinux"))
|
||||||
return is_selinux_enabled() > 0;
|
return is_selinux_enabled() > 0;
|
||||||
#endif
|
#endif
|
||||||
|
if (streq(parameter, "apparmor"))
|
||||||
|
return access("/sys/kernel/security/apparmor/", F_OK) == 0;
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue