freebsd-dev/etc/rc.d/ugidfw
trhodes 85f877af83 Add a ugidfw_load() function and fix up some of the scripting in this file.
This will allow better integration with the ports system.

Submitted by:	clement
2005-04-02 00:01:03 +00:00

67 lines
1.2 KiB
Bash

#!/bin/sh
#
# $FreeBSD$
# PROVIDE: ugidfw
# REQUIRE:
# BEFORE: LOGIN
# KEYWORD: nojail
. /etc/rc.subr
name="ugidfw"
rcvar="ugidfw_enable"
start_cmd="ugidfw_start"
start_precmd="ugidfw_precmd"
stop_cmd="ugidfw_stop"
ugidfw_load()
{
if [ -r "${bsdextended_script}" ]; then
. "${bsdextended_script}"
echo -n " ${_bsdextended_profile}"
fi
}
ugidfw_precmd()
{
if ! sysctl security.mac.bsdextended
then kldload mac_bsdextended
if [ "$?" -ne "0" ]
then warn Unable to load the mac_bsdextended module.
return 1
else
return 0
fi
fi
return 0
}
ugidfw_start()
{
# check for existing profiles and set the default policy script
# if none was specified
[ -z "${bsdextended_profiles}" ] && {
bsdextended_profiles=default
[ -z "${bsdextended_script}" ] && bsdextended_script=/etc/rc.bsdextended
bsdextended_default_script=/etc/rc.bsdextended
}
echo -n "Loading MAC bsdextended rules:"
for _bsdextended_profile in ${bsdextended_profiles}; do
eval bsdextended_script=\"\$bsdextended_${_bsdextended_profile}_script\"
ugidfw_load
done
echo '.'
}
ugidfw_stop()
{
# Disable the policy
#
kldunload mac_bsdextended
}
load_rc_config $name
run_rc_command "$1"