On Tue, 07.05.13 13:21, Karol Lewandowski ([email protected]) wrote:

Heya,

Hmm, does that directory always exist? Or only if AppArmor is actually
runtime enabled?

I.e. this check should ideally only return true if SMACK is not only
built into the kernel, but actually really enabled during
runtime. That's what the SELinux check does and what the most useful
semantics are.

> Signed-off-by: Karol Lewandowski <[email protected]>
> 
> diff --git a/man/systemd.unit.xml b/man/systemd.unit.xml
> index 49103da..256c813 100644
> --- a/man/systemd.unit.xml
> +++ b/man/systemd.unit.xml
> @@ -984,8 +984,9 @@
>                                  may be used to check whether the given
>                                  security module is enabled on the
>                                  system.  Currently the only recognized
> -                                values are <varname>selinux</varname>
> -                                and <varname>apparmor</varname>.
> +                                values are <varname>selinux</varname>,
> +                                <varname>apparmor</varname> and
> +                                <varname>smack</varname>.
>                                  The test may be negated by prepending
>                                  an exclamation
>                                  mark.</para>
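
Review bot: the added <varname>smack</varname> value inherits this paragraph's promise that the condition checks whether the module is "enabled on the system", but the text does not say how that is decided for smack. If the test is a plain path-existence check, as in the condition.c hunk of this patch, say so here, so unit authors know what a true result actually guarantees.
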
> diff --git a/src/core/condition.c b/src/core/condition.c
> index 4aa5530..16cae6d 100644
> --- a/src/core/condition.c
> +++ b/src/core/condition.c
> @@ -164,6 +164,8 @@ static bool test_security(const char *parameter) {
>  #endif
>       if (streq(parameter, "apparmor"))
>               return access("/sys/kernel/security/apparmor/", F_OK) == 0;
> +     if (streq(parameter, "smack"))
> +             return access("/sys/fs/smackfs", F_OK) == 0;
>          return false;
>  }
>  
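
Review bot: in test_security(), the new access("/sys/fs/smackfs", F_OK) only shows that the path exists, and nothing in the patch establishes that the path is absent when SMACK is built into the kernel but not active at runtime. Please confirm that, or test for something that only appears once SMACK is actually in use, and add a short comment recording what the path's presence is taken to mean.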


Lennart

-- 
Lennart Poettering - Red Hat, Inc.
_______________________________________________
systemd-devel mailing list
[email protected]
http://lists.freedesktop.org/mailman/listinfo/systemd-devel
