picnoir/Systemd
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

condition, man: Add support for ConditionSecurity=apparmor

Browse source 
Checking for the apparmor directory in securityfs means the apparmor module is
loaded and enabled, and hence should suffice as a test.

https://bugs.freedesktop.org/show_bug.cgi?id=63312
This commit is contained in:
Nirbheek Chauhan 2013-04-09 18:30:24 +05:30 committed by Lennart Poettering
parent 8337416301
commit 80f53eb595
2 changed files with 4 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
man/systemd.unit.xml
View file

@ -984,7 +984,8 @@
may be used to check whether the given may be used to check whether the given
security module is enabled on the security module is enabled on the
system. Currently the only recognized system. Currently the only recognized
value is <varname>selinux</varname>. values are <varname>selinux</varname>
and <varname>apparmor</varname>.
The test may be negated by prepending The test may be negated by prepending
an exclamation an exclamation
mark.</para> mark.</para>

2
src/core/condition.c
View file

@ -162,6 +162,8 @@ static bool test_security(const char *parameter) {
if (streq(parameter, "selinux")) if (streq(parameter, "selinux"))
return is_selinux_enabled() > 0; return is_selinux_enabled() > 0;
#endif #endif
if (streq(parameter, "apparmor"))
return access("/sys/kernel/security/apparmor/", F_OK) == 0;
return false; return false;
} }