author | trhodes <trhodes@FreeBSD.org> | 2004-09-29 00:12:28 +0000 |
---|---|---|
committer | trhodes <trhodes@FreeBSD.org> | 2004-09-29 00:12:28 +0000 |
commit | 2bf857d4fdf5da306ae999a872ac08f33af927a5 (patch) | |
tree | 3ca4d402ba1a67d3197ec54a5dc622ff8b5c3ee3 /etc/rc.d | |
parent | d0514db4ed10c3a707c0f7aacd184367f11dd65e (diff) | |
Give users the ability to load a mac_bsdextended(4) ruleset on boot (defaults
to NO of course). Provide a basic ruleset file, rc.bsdextended, but allow
the filename to be overridden through rc.conf.
Discussed with: rwatson (awhile ago)
Diffstat (limited to 'etc/rc.d')
-rwxr-xr-x | etc/rc.d/Makefile | 2 | ||||
-rw-r--r-- | etc/rc.d/ugidfw | 52 |
2 files changed, 53 insertions, 1 deletions
diff --git a/etc/rc.d/Makefile b/etc/rc.d/Makefile
index 61bc3e8..2d6f59d 100755
--- a/etc/rc.d/Makefile
+++ b/etc/rc.d/Makefile
@@ -34,7 +34,7 @@ FILES= DAEMON LOGIN NETWORKING SERVERS \
 serial sppp sshd swap1 \
 syscons sysctl syslogd \
 timed tmp \
- usbd \
+ ugidfw usbd \
 var vinum virecover \
 watchdogd \
 ypbind yppasswdd ypserv \
diff --git a/etc/rc.d/ugidfw b/etc/rc.d/ugidfw
new file mode 100644
index 0000000..7e033c8
--- /dev/null
+++ b/etc/rc.d/ugidfw
@@ -0,0 +1,52 @@
+#!/bin/sh
+#
+# $FreeBSD$
+
+# PROVIDE: ugidfw
+# REQUIRE:
+# BEFORE: LOGIN
+# KEYWORD: FreeBSD nojail
+
+. /etc/rc.subr
+
+name="ugidfw"
+rcvar="ugidfw_enable"
+start_cmd="ugidfw_start"
+start_precmd="ugidfw_precmd"
+stop_cmd="ugidfw_stop"
+
+ugidfw_precmd()
+{
+ if ! sysctl security.mac.bsdextended
+ then kldload mac_bsdextended
+ if [ "$?" -ne "0" ]
+ then warn Unable to load the mac_bsdextended module.
+ return 1
+ else
+ return 0
+ fi
+ fi
+ return 0
+}
+
+ugidfw_start()
+{
+ # set the default policy script if none was specified
+ [ -z "${bsdextended_script}" ] && bsdextended_script=/etc/rc.bsdextended
+
+ if [ -r "${bsdextended_script}" ]; then
+ . "${bsdextended_script}"
+ echo -n 'MAC bsdextended rules loaded sucessfully.'
+ fi
+ echo '.'
+}
+
+ugidfw_stop()
+{
+ # Disable the policy
+ #
+ kldunload mac_bsdextended
+}
+
+load_rc_config $name
+run_rc_command "$1" |
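Review bot: In ugidfw_start, a missing or unreadable `${bsdextended_script}` is skipped silently: the `[ -r ... ]` test has no else branch, so the function prints `.` and returns success while no bsdextended rules are in place, even though the administrator set `ugidfw_enable`. I would add `else warn "${bsdextended_script} is not readable; no mac_bsdextended rules loaded"; return 1` ahead of the closing `fi`. The exit status of the sourced script is not checked either, so a ruleset that fails partway is still reported as loaded (and `sucessfully` is misspelled in that message). Because rc sources this file as root and its path can be overridden from rc.conf, a comment above the `.` line should say that it must be a root-owned file not writable by other users. In ugidfw_precmd the `sysctl security.mac.bsdextended` probe writes its result to the console and would be quieter with `> /dev/null 2>&1`.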