[systemd-commits] man/systemd.unit.xml src/core

Lennart Poettering lennart at kemper.freedesktop.org
Mon May 6 12:32:27 PDT 2013


 man/systemd.unit.xml |    3 ++-
 src/core/condition.c |    2 ++
 2 files changed, 4 insertions(+), 1 deletion(-)

New commits:
commit 80f53eb59516f87e26e3afa405c61b4eed9ffe30
Author: Nirbheek Chauhan <nirbheek.chauhan at collabora.co.uk>
Date:   Tue Apr 9 18:30:24 2013 +0530

    condition, man: Add support for ConditionSecurity=apparmor
    
    Checking for the apparmor directory in securityfs means the apparmor module is
    loaded and enabled, and hence should suffice as a test.
    
    https://bugs.freedesktop.org/show_bug.cgi?id=63312

diff --git a/man/systemd.unit.xml b/man/systemd.unit.xml
index 2f2d1a1..3360a71 100644
--- a/man/systemd.unit.xml
+++ b/man/systemd.unit.xml
@@ -984,7 +984,8 @@
                                 may be used to check whether the given
                                 security module is enabled on the
                                 system.  Currently the only recognized
-                                value is <varname>selinux</varname>.
+                                values are <varname>selinux</varname>
+                                and <varname>apparmor</varname>.
                                 The test may be negated by prepending
                                 an exclamation
                                 mark.</para>
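Review bot: the revised sentence in the ConditionSecurity= paragraph names apparmor as a recognized value but does not say what "enabled" means for it. The condition.c change in the same commit tests only whether /sys/kernel/security/apparmor/ exists, so the negated form described in the following sentence is satisfied whenever that directory is absent, for whatever reason. Suggest adding a clause saying that the apparmor test checks for that securityfs directory, so that unit authors who gate a unit on "!apparmor" know exactly what is being evaluated.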
diff --git a/src/core/condition.c b/src/core/condition.c
index 30199c1..4aa5530 100644
--- a/src/core/condition.c
+++ b/src/core/condition.c
@@ -162,6 +162,8 @@ static bool test_security(const char *parameter) {
         if (streq(parameter, "selinux"))
                 return is_selinux_enabled() > 0;
 #endif
+	if (streq(parameter, "apparmor"))
+		return access("/sys/kernel/security/apparmor/", F_OK) == 0;
         return false;
 }
 
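Review bot: in test_security(), the new apparmor branch maps every access() failure to "not enabled", so the result depends on securityfs being mounted at /sys/kernel/security when the condition is evaluated. If it is not mounted at that point, access("/sys/kernel/security/apparmor/", F_OK) fails, the function returns false, and a unit carrying ConditionSecurity=!apparmor passes its condition. Suggest a comment above the branch recording that assumption, since the reasoning currently lives only in the commit message. Two smaller points: the added lines are indented with tabs while the surrounding context lines use spaces, and the branch sits after the #endif, so unlike the selinux test it is compiled unconditionally; a short comment saying that this is intended would help.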


