diff options
author | Lennart Poettering <lennart@poettering.net> | 2018-06-20 18:52:52 +0200 |
---|---|---|
committer | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2018-06-20 22:33:47 +0200 |
commit | be405b909e5d78b43e3af47e0d10cd84c714e2f3 (patch) | |
tree | 9bc1fa2b21eeaaf5f6609905af57094365cd004b /src | |
parent | 92963e74dfa597038ca35799980ba8832fc8c5a4 (diff) | |
download | systemd-be405b909e5d78b43e3af47e0d10cd84c714e2f3.tar.gz |
condition: add new conditon ConditionSecurity=uefi-secureboot
We have the detector call for this anyway, and it's useful for
conditioning out dbxtool.service, hence let's add this tiny new option.
Diffstat (limited to 'src')
-rw-r--r-- | src/shared/condition.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/src/shared/condition.c b/src/shared/condition.c index 525cc94936..2969a89b4e 100644 --- a/src/shared/condition.c +++ b/src/shared/condition.c @@ -21,6 +21,7 @@ #include "cap-list.h" #include "cgroup-util.h" #include "condition.h" +#include "efivars.h" #include "extract-word.h" #include "fd-util.h" #include "fileio.h" @@ -376,6 +377,8 @@ static int condition_test_security(Condition *c) { return use_ima(); if (streq(c->parameter, "tomoyo")) return mac_tomoyo_use(); + if (streq(c->parameter, "uefi-secureboot")) + return is_efi_secure_boot(); return false; } |