Merge branch 'stable/10' into devel

4 files changed, 13 insertions, 4 deletions

diff --git a/etc/rc.d/automount b/etc/rc.d/automount
index c394694..7f43b45 100644
--- a/etc/rc.d/automount
+++ b/etc/rc.d/automount
@@ -4,7 +4,7 @@
 #
 
 # PROVIDE: automount
-# REQUIRE: nfsclient
+# REQUIRE: nfsclient automountd
 # KEYWORD: nojail shutdown
 
 . /etc/rc.subr
diff --git a/etc/rc.d/automountd b/etc/rc.d/automountd
index 6d74665..01a2e0b 100644
--- a/etc/rc.d/automountd
+++ b/etc/rc.d/automountd
@@ -4,7 +4,7 @@
 #
 
 # PROVIDE: automountd
-# REQUIRE: automount
+# REQUIRE: DAEMON
 # KEYWORD: nojail
 
 . /etc/rc.subr
diff --git a/etc/rc.d/autounmountd b/etc/rc.d/autounmountd
index c57f90d..49a27ba 100644
--- a/etc/rc.d/autounmountd
+++ b/etc/rc.d/autounmountd
@@ -4,7 +4,7 @@
 #
 
 # PROVIDE: autounmountd
-# REQUIRE: nfsclient
+# REQUIRE: DAEMON
 # KEYWORD: nojail
 
 . /etc/rc.subr
diff --git a/etc/rc.d/ugidfw b/etc/rc.d/ugidfw
index d65d6a3..09171e4 100755
--- a/etc/rc.d/ugidfw
+++ b/etc/rc.d/ugidfw
@@ -3,6 +3,7 @@
 # $FreeBSD$
 
 # PROVIDE: ugidfw
+# REQUIRE: FILESYSTEMS
 # BEFORE: LOGIN
 # KEYWORD: nojail shutdown
 
@@ -33,9 +34,17 @@ ugidfw_start()
 
 ugidfw_stop()
 {
+	local rulecount
+
 	# Disable the policy
 	#
-	kldunload mac_bsdextended
+	# Check for the existence of rules and flush them if needed.
+	rulecount=$(sysctl -in security.mac.bsdextended.rule_count)
+	if [ ${rulecount:-0} -gt 0 ]; then
+		ugidfw list | sed -n '2,$p' | cut -d ' ' -f 1 | sort -r -n |
+		    xargs -n 1 ugidfw remove
+		echo "MAC bsdextended rules flushed."
+	fi
 }
 
 load_rc_config $name