diff options
author | Karol Lewandowski <k.lewandowsk@samsung.com> | 2013-05-07 13:21:46 +0200 |
---|---|---|
committer | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2013-05-08 22:24:37 -0400 |
commit | b62ee5249da92ff8960322eab770f742425831e3 (patch) | |
tree | c9136bb5df6bb9168d2f2cdd5c5543faeaa32222 | |
parent | 539e0a4d583bca7db837275b07a20a933b7f8f83 (diff) | |
download | systemd-b62ee5249da92ff8960322eab770f742425831e3.tar.gz systemd-b62ee5249da92ff8960322eab770f742425831e3.tar.bz2 systemd-b62ee5249da92ff8960322eab770f742425831e3.zip |
condition, man: Add support for ConditionSecurity=smack
According to Documentation/security/Smack.txt:
In keeping with the intent of Smack, configuration data is minimal
and not strictly required. The most important configuration step is
mounting the smackfs pseudo filesystem.
This means that checking the mount point should be enough.
-rw-r--r-- | man/systemd.unit.xml | 5 | ||||
-rw-r--r-- | src/core/condition.c | 2 |
2 files changed, 5 insertions, 2 deletions
diff --git a/man/systemd.unit.xml b/man/systemd.unit.xml index 49103dad56..c56837a6e5 100644 --- a/man/systemd.unit.xml +++ b/man/systemd.unit.xml @@ -984,8 +984,9 @@ may be used to check whether the given security module is enabled on the system. Currently the only recognized - values are <varname>selinux</varname> - and <varname>apparmor</varname>. + values are <varname>selinux</varname>, + <varname>apparmor</varname>, and + <varname>smack</varname>. The test may be negated by prepending an exclamation mark.</para> diff --git a/src/core/condition.c b/src/core/condition.c index 4aa5530c36..16cae6d23b 100644 --- a/src/core/condition.c +++ b/src/core/condition.c @@ -164,6 +164,8 @@ static bool test_security(const char *parameter) { #endif if (streq(parameter, "apparmor")) return access("/sys/kernel/security/apparmor/", F_OK) == 0; + if (streq(parameter, "smack")) + return access("/sys/fs/smackfs", F_OK) == 0; return false; } |