author | Lennart Poettering <lennart@poettering.net> | 2020-05-14 18:30:23 +0200 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2020-05-15 15:50:09 +0200 |
commit | 7f19247b5e583e508a4eca7d5455cd590cc8e71e (patch) | |
tree | 21d3b645e8344b937f81005e0077fa397516eaca /src/shared | |
parent | 89fe653544a310a9bbc2689c464a1cdd92bb71a2 (diff) | |
condition: add ConditionPathIsEncrypted=
It's easy to add, and should be pretty useful, in particular in its
AssertPathIsEncrypted= form, as it can be used for checking that
some path is encrypted before some service is invoked that might want to
place secure material there.
Diffstat (limited to 'src/shared')
-rw-r--r-- | src/shared/condition.c | 18 | ||||
-rw-r--r-- | src/shared/condition.h | 2 |
2 files changed, 20 insertions, 0 deletions
diff --git a/src/shared/condition.c b/src/shared/condition.c
index 9f4c7fe338..2dbc14938a 100644
--- a/src/shared/condition.c
+++ b/src/shared/condition.c
@@ -25,6 +25,7 @@
 #include "extract-word.h"
 #include "fd-util.h"
 #include "fileio.h"
+#include "fs-util.h"
 #include "glob-util.h"
 #include "hostname-util.h"
 #include "ima-util.h"
@@ -672,6 +673,20 @@ static int condition_test_path_is_read_write(Condition *c) {
 return path_is_read_only_fs(c->parameter) <= 0;
 }
+static int condition_test_path_is_encrypted(Condition *c) {
+ int r;
+
+ assert(c);
+ assert(c->parameter);
+ assert(c->type == CONDITION_PATH_IS_ENCRYPTED);
+
+ r = path_is_encrypted(c->parameter);
+ if (r < 0 && r != -ENOENT)
+ log_debug_errno(r, "Failed to determine if '%s' is encrypted: %m", c->parameter);
+
+ return r > 0;
+}
+
 static int condition_test_directory_not_empty(Condition *c) {
 int r;
@@ -725,6 +740,7 @@ int condition_test(Condition *c) {
 [CONDITION_PATH_IS_SYMBOLIC_LINK] = condition_test_path_is_symbolic_link,
 [CONDITION_PATH_IS_MOUNT_POINT] = condition_test_path_is_mount_point,
 [CONDITION_PATH_IS_READ_WRITE] = condition_test_path_is_read_write,
+ [CONDITION_PATH_IS_ENCRYPTED] = condition_test_path_is_encrypted,
 [CONDITION_DIRECTORY_NOT_EMPTY] = condition_test_directory_not_empty,
 [CONDITION_FILE_NOT_EMPTY] = condition_test_file_not_empty,
 [CONDITION_FILE_IS_EXECUTABLE] = condition_test_file_is_executable,
@@ -852,6 +868,7 @@ static const char* const condition_type_table[_CONDITION_TYPE_MAX] = {
 [CONDITION_PATH_IS_SYMBOLIC_LINK] = "ConditionPathIsSymbolicLink",
 [CONDITION_PATH_IS_MOUNT_POINT] = "ConditionPathIsMountPoint",
 [CONDITION_PATH_IS_READ_WRITE] = "ConditionPathIsReadWrite",
+ [CONDITION_PATH_IS_ENCRYPTED] = "ConditionPathIsEncrypted",
 [CONDITION_DIRECTORY_NOT_EMPTY] = "ConditionDirectoryNotEmpty",
 [CONDITION_FILE_NOT_EMPTY] = "ConditionFileNotEmpty",
 [CONDITION_FILE_IS_EXECUTABLE] = "ConditionFileIsExecutable",
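Review bot: In the new condition_test_path_is_encrypted(), every failure of path_is_encrypted() is folded into `return r > 0;`, so the caller cannot tell "not encrypted" from "could not be determined". That fails closed for the plain ConditionPathIsEncrypted=/AssertPathIsEncrypted= use the commit message describes, but if the caller supports negating the condition (not visible in this hunk) an error would let the negated check pass. I would record this above the return, e.g. `/* Errors count as "not encrypted"; a negated check therefore passes when the test itself fails. */`, and consider a level above debug for the log line, since an undetermined result is otherwise invisible when the unit is skipped. What path_is_encrypted() accepts as "encrypted" is defined outside this diff and should be documented alongside the new setting, so that users of the assert know what guarantee they are getting.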
@@ -882,6 +899,7 @@ static const char* const assert_type_table[_CONDITION_TYPE_MAX] = {
 [CONDITION_PATH_IS_SYMBOLIC_LINK] = "AssertPathIsSymbolicLink",
 [CONDITION_PATH_IS_MOUNT_POINT] = "AssertPathIsMountPoint",
 [CONDITION_PATH_IS_READ_WRITE] = "AssertPathIsReadWrite",
+ [CONDITION_PATH_IS_ENCRYPTED] = "AssertPathIsEncrypted",
 [CONDITION_DIRECTORY_NOT_EMPTY] = "AssertDirectoryNotEmpty",
 [CONDITION_FILE_NOT_EMPTY] = "AssertFileNotEmpty",
 [CONDITION_FILE_IS_EXECUTABLE] = "AssertFileIsExecutable",
diff --git a/src/shared/condition.h b/src/shared/condition.h
index 84322e7425..6064ccdaed 100644
--- a/src/shared/condition.h
+++ b/src/shared/condition.h
@@ -28,6 +28,7 @@ typedef enum ConditionType {
 CONDITION_PATH_IS_SYMBOLIC_LINK,
 CONDITION_PATH_IS_MOUNT_POINT,
 CONDITION_PATH_IS_READ_WRITE,
+ CONDITION_PATH_IS_ENCRYPTED,
 CONDITION_DIRECTORY_NOT_EMPTY,
 CONDITION_FILE_NOT_EMPTY,
 CONDITION_FILE_IS_EXECUTABLE,
@@ -96,6 +97,7 @@ static inline bool condition_takes_path(ConditionType t) {
 CONDITION_PATH_IS_SYMBOLIC_LINK,
 CONDITION_PATH_IS_MOUNT_POINT,
 CONDITION_PATH_IS_READ_WRITE,
+ CONDITION_PATH_IS_ENCRYPTED,
 CONDITION_DIRECTORY_NOT_EMPTY,
 CONDITION_FILE_NOT_EMPTY,
 CONDITION_FILE_IS_EXECUTABLE, |