diff options
| author | gordon <gordon@FreeBSD.org> | 2002-06-13 22:14:37 +0000 |
|---|---|---|
| committer | gordon <gordon@FreeBSD.org> | 2002-06-13 22:14:37 +0000 |
| commit | 9c5433cb225f7a4e56e87623ea2e4011179553a5 (patch) | |
| tree | 3168589e209abd888b033397e3c46dee6131a116 /etc/rc.d/securelevel | |
| parent | 50d99cdfecd92f5323a18aa791a5b1cb9d8b7191 (diff) | |
| download | FreeBSD-src-9c5433cb225f7a4e56e87623ea2e4011179553a5.zip FreeBSD-src-9c5433cb225f7a4e56e87623ea2e4011179553a5.tar.gz | |
Merge in all the changes that Mike Makonnen has been maintaining for a
while. This is only the script pieces, the glue for the build comes next.
Submitted by: Mike Makonnen <makonnen@pacbell.net>
Reviewed by: silence on -current and -hackers
Prodded by: rwatson
Diffstat (limited to 'etc/rc.d/securelevel')
| -rwxr-xr-x | etc/rc.d/securelevel | 49 |
1 files changed, 36 insertions, 13 deletions
diff --git a/etc/rc.d/securelevel b/etc/rc.d/securelevel index c3f3121..dce65e5 100755 --- a/etc/rc.d/securelevel +++ b/etc/rc.d/securelevel @@ -1,10 +1,13 @@ #!/bin/sh # -# $NetBSD: securelevel,v 1.1 2000/08/21 23:31:24 lukem Exp $ +# $NetBSD: securelevel,v 1.4 2002/03/22 04:34:00 thorpej Exp $ +# $FreeBSD$ # # PROVIDE: securelevel # REQUIRE: aftermountlkm ipnat mountd +# BEFORE: DAEMON +# KEYWORD: FreeBSD NetBSD . /etc/rc.subr @@ -14,19 +17,39 @@ stop_cmd=":" securelevel_start() { - # if $securelevel is set, change it here, else if it is 0, - # change it to 1 here, before we start daemons or login services. - # - if [ -n "$securelevel" ]; then - echo -n "Setting securelevel: " - sysctl kern.securelevel=$securelevel - else - securelevel=`sysctl -n kern.securelevel` - if [ x"$securelevel" = x0 ]; then - echo -n "Setting securelevel: " - sysctl kern.securelevel=1 + case `${CMD_OSTYPE}` in + FreeBSD) + case ${kern_securelevel_enable} in + [Yy][Ee][Ss]) + if [ ${kern_securelevel} -ge 0 ]; then + echo 'Raising kernel security level: ' + ${SYSCTL_W} kern.securelevel=${kern_securelevel} + fi + ;; + esac + ;; + NetBSD) + # if $securelevel is set higher, change it here, else if + # it is 0, change it to 1 here, before we start daemons + # or login services. + # + osecurelevel=`sysctl -n kern.securelevel` + if [ -n "$securelevel" -a "$securelevel" != "$osecurelevel" ]; then + if [ "$securelevel" -lt "$osecurelevel" ]; then + echo "Can't lower securelevel." + exit 1 + else + echo -n "Setting securelevel: " + ${SYSCTL_W} kern.securelevel=$securelevel + fi + else + if [ "$osecurelevel" = 0 ]; then + echo -n "Setting securelevel: " + ${SYSCTL_W} kern.securelevel=1 + fi fi - fi + ;; + esac } load_rc_config $name |
