summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorKarol Lewandowski <k.lewandowsk@samsung.com>2013-05-07 13:21:46 +0200
committerZbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>2013-05-08 22:24:37 -0400
commitb62ee5249da92ff8960322eab770f742425831e3 (patch)
treec9136bb5df6bb9168d2f2cdd5c5543faeaa32222
parent539e0a4d583bca7db837275b07a20a933b7f8f83 (diff)
downloadsystemd-b62ee5249da92ff8960322eab770f742425831e3.tar.gz
systemd-b62ee5249da92ff8960322eab770f742425831e3.tar.bz2
systemd-b62ee5249da92ff8960322eab770f742425831e3.zip
condition, man: Add support for ConditionSecurity=smack
According to Documentation/security/Smack.txt: In keeping with the intent of Smack, configuration data is minimal and not strictly required. The most important configuration step is mounting the smackfs pseudo filesystem. This means that checking the mount point should be enough.
-rw-r--r--man/systemd.unit.xml5
-rw-r--r--src/core/condition.c2
2 files changed, 5 insertions, 2 deletions
diff --git a/man/systemd.unit.xml b/man/systemd.unit.xml
index 49103dad56..c56837a6e5 100644
--- a/man/systemd.unit.xml
+++ b/man/systemd.unit.xml
@@ -984,8 +984,9 @@
may be used to check whether the given
security module is enabled on the
system. Currently the only recognized
- values are <varname>selinux</varname>
- and <varname>apparmor</varname>.
+ values are <varname>selinux</varname>,
+ <varname>apparmor</varname>, and
+ <varname>smack</varname>.
The test may be negated by prepending
an exclamation
mark.</para>
diff --git a/src/core/condition.c b/src/core/condition.c
index 4aa5530c36..16cae6d23b 100644
--- a/src/core/condition.c
+++ b/src/core/condition.c
@@ -164,6 +164,8 @@ static bool test_security(const char *parameter) {
#endif
if (streq(parameter, "apparmor"))
return access("/sys/kernel/security/apparmor/", F_OK) == 0;
+ if (streq(parameter, "smack"))
+ return access("/sys/fs/smackfs", F_OK) == 0;
return false;
}