Commit 80f53eb5 authored by Nirbheek Chauhan, committed by Lennart Poettering

condition, man: Add support for ConditionSecurity=apparmor

Checking for the apparmor directory in securityfs means the apparmor module is
loaded and enabled, and hence should suffice as a test.

https://bugs.freedesktop.org/show_bug.cgi?id=63312
parent 83374163
...@@ -984,7 +984,8 @@ ...@@ -984,7 +984,8 @@
may be used to check whether the given may be used to check whether the given
security module is enabled on the security module is enabled on the
system. Currently the only recognized system. Currently the only recognized
value is <varname>selinux</varname>. values are <varname>selinux</varname>
and <varname>apparmor</varname>.
The test may be negated by prepending The test may be negated by prepending
an exclamation an exclamation
mark.</para> mark.</para>
......
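Review bot: The updated sentence listing <varname>selinux</varname> and <varname>apparmor</varname> still says only that the module "is enabled on the system" and does not say how that is decided for apparmor. Per the code change in this commit, the apparmor test is the existence of /sys/kernel/security/apparmor/, so the condition depends on securityfs being visible at that path when the unit's conditions are evaluated. Suggest adding a sentence to that effect, and noting that any other value makes the condition evaluate to false, since test_security() falls through to "return false".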
...@@ -162,6 +162,8 @@ static bool test_security(const char *parameter) { ...@@ -162,6 +162,8 @@ static bool test_security(const char *parameter) {
if (streq(parameter, "selinux")) if (streq(parameter, "selinux"))
return is_selinux_enabled() > 0; return is_selinux_enabled() > 0;
#endif #endif
if (streq(parameter, "apparmor"))
return access("/sys/kernel/security/apparmor/", F_OK) == 0;
return false; return false;
} }
......
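Review bot: The added access("/sys/kernel/security/apparmor/", F_OK) == 0 check treats every failure as "AppArmor not enabled", including the case where securityfs is not mounted at /sys/kernel/security when the condition is evaluated. The commit message argues that the directory being present implies the module is loaded and enabled, but the reverse holds only if the mount is already in place, so a unit with ConditionSecurity=apparmor could be skipped on an AppArmor system, and one with the negated form could start. Suggest a short comment above the new branch stating that assumption, and confirming that securityfs is mounted before any condition is tested. It is good that the new branch sits after the #endif, so it does not depend on the SELinux build option.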