condition, man: Add support for ConditionSecurity=smack

According to Documentation/security/Smack.txt:
  In keeping with the intent of Smack, configuration data is minimal
  and not strictly required. The most important configuration step is
  mounting the smackfs pseudo filesystem.
This means that checking the mount point should be enough.

2 files changed, 5 insertions, 2 deletions

diff --git a/man/systemd.unit.xml b/man/systemd.unit.xml
index 49103dad56..c56837a6e5 100644
--- a/man/systemd.unit.xml
+++ b/man/systemd.unit.xml
@@ -984,8 +984,9 @@
                                 may be used to check whether the given
                                 security module is enabled on the
                                 system.  Currently the only recognized
-                                values are <varname>selinux</varname>
-                                and <varname>apparmor</varname>.
+                                values are <varname>selinux</varname>,
+                                <varname>apparmor</varname>, and
+                                <varname>smack</varname>.
                                 The test may be negated by prepending
                                 an exclamation
                                 mark.</para>
diff --git a/src/core/condition.c b/src/core/condition.c
index 4aa5530c36..16cae6d23b 100644
--- a/src/core/condition.c
+++ b/src/core/condition.c
@@ -164,6 +164,8 @@ static bool test_security(const char *parameter) {
 #endif
 	if (streq(parameter, "apparmor"))
 		return access("/sys/kernel/security/apparmor/", F_OK) == 0;
+	if (streq(parameter, "smack"))
+		return access("/sys/fs/smackfs", F_OK) == 0;
         return false;
 }