diff options
author | Renato Botelho <renato@netgate.com> | 2015-10-21 16:04:13 -0200 |
---|---|---|
committer | Renato Botelho <renato@netgate.com> | 2015-10-21 16:04:13 -0200 |
commit | 6dfdfbb12b356dae762c3bce132809457ed60d97 (patch) | |
tree | 4e87edfd6f7353e79d923ab457270e9351daec3d /etc | |
parent | 13010d6b0da4d97e56243edbea0a585b8285cd3e (diff) | |
parent | d621159ed6a7d1c98cf81f17e313dffc64bf7c4f (diff) | |
download | FreeBSD-src-6dfdfbb12b356dae762c3bce132809457ed60d97.zip FreeBSD-src-6dfdfbb12b356dae762c3bce132809457ed60d97.tar.gz |
Merge branch 'stable/10' into devel
Diffstat (limited to 'etc')
-rw-r--r-- | etc/rc.d/automount | 2 | ||||
-rw-r--r-- | etc/rc.d/automountd | 2 | ||||
-rw-r--r-- | etc/rc.d/autounmountd | 2 | ||||
-rwxr-xr-x | etc/rc.d/ugidfw | 11 |
4 files changed, 13 insertions, 4 deletions
diff --git a/etc/rc.d/automount b/etc/rc.d/automount index c394694..7f43b45 100644 --- a/etc/rc.d/automount +++ b/etc/rc.d/automount @@ -4,7 +4,7 @@ # # PROVIDE: automount -# REQUIRE: nfsclient +# REQUIRE: nfsclient automountd # KEYWORD: nojail shutdown . /etc/rc.subr diff --git a/etc/rc.d/automountd b/etc/rc.d/automountd index 6d74665..01a2e0b 100644 --- a/etc/rc.d/automountd +++ b/etc/rc.d/automountd @@ -4,7 +4,7 @@ # # PROVIDE: automountd -# REQUIRE: automount +# REQUIRE: DAEMON # KEYWORD: nojail . /etc/rc.subr diff --git a/etc/rc.d/autounmountd b/etc/rc.d/autounmountd index c57f90d..49a27ba 100644 --- a/etc/rc.d/autounmountd +++ b/etc/rc.d/autounmountd @@ -4,7 +4,7 @@ # # PROVIDE: autounmountd -# REQUIRE: nfsclient +# REQUIRE: DAEMON # KEYWORD: nojail . /etc/rc.subr diff --git a/etc/rc.d/ugidfw b/etc/rc.d/ugidfw index d65d6a3..09171e4 100755 --- a/etc/rc.d/ugidfw +++ b/etc/rc.d/ugidfw @@ -3,6 +3,7 @@ # $FreeBSD$ # PROVIDE: ugidfw +# REQUIRE: FILESYSTEMS # BEFORE: LOGIN # KEYWORD: nojail shutdown @@ -33,9 +34,17 @@ ugidfw_start() ugidfw_stop() { + local rulecount + # Disable the policy # - kldunload mac_bsdextended + # Check for the existence of rules and flush them if needed. + rulecount=$(sysctl -in security.mac.bsdextended.rule_count) + if [ ${rulecount:-0} -gt 0 ]; then + ugidfw list | sed -n '2,$p' | cut -d ' ' -f 1 | sort -r -n | + xargs -n 1 ugidfw remove + echo "MAC bsdextended rules flushed." + fi } load_rc_config $name |