summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorLennart Poettering <lennart@poettering.net>2018-06-20 18:52:52 +0200
committerZbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>2018-06-20 22:33:47 +0200
commitbe405b909e5d78b43e3af47e0d10cd84c714e2f3 (patch)
tree9bc1fa2b21eeaaf5f6609905af57094365cd004b /src
parent92963e74dfa597038ca35799980ba8832fc8c5a4 (diff)
downloadsystemd-be405b909e5d78b43e3af47e0d10cd84c714e2f3.tar.gz
condition: add new conditon ConditionSecurity=uefi-secureboot
We have the detector call for this anyway, and it's useful for conditioning out dbxtool.service, hence let's add this tiny new option.
Diffstat (limited to 'src')
-rw-r--r--src/shared/condition.c3
1 files changed, 3 insertions, 0 deletions
diff --git a/src/shared/condition.c b/src/shared/condition.c
index 525cc94936..2969a89b4e 100644
--- a/src/shared/condition.c
+++ b/src/shared/condition.c
@@ -21,6 +21,7 @@
#include "cap-list.h"
#include "cgroup-util.h"
#include "condition.h"
+#include "efivars.h"
#include "extract-word.h"
#include "fd-util.h"
#include "fileio.h"
@@ -376,6 +377,8 @@ static int condition_test_security(Condition *c) {
return use_ima();
if (streq(c->parameter, "tomoyo"))
return mac_tomoyo_use();
+ if (streq(c->parameter, "uefi-secureboot"))
+ return is_efi_secure_boot();
return false;
}