85f877af83
This will allow better integration with the ports system. Submitted by: clement
67 lines
1.2 KiB
Bash
67 lines
1.2 KiB
Bash
#!/bin/sh
|
|
#
|
|
# $FreeBSD$
|
|
|
|
# PROVIDE: ugidfw
|
|
# REQUIRE:
|
|
# BEFORE: LOGIN
|
|
# KEYWORD: nojail
|
|
|
|
. /etc/rc.subr
|
|
|
|
name="ugidfw"
|
|
rcvar="ugidfw_enable"
|
|
start_cmd="ugidfw_start"
|
|
start_precmd="ugidfw_precmd"
|
|
stop_cmd="ugidfw_stop"
|
|
|
|
ugidfw_load()
|
|
{
|
|
if [ -r "${bsdextended_script}" ]; then
|
|
. "${bsdextended_script}"
|
|
echo -n " ${_bsdextended_profile}"
|
|
fi
|
|
}
|
|
|
|
ugidfw_precmd()
|
|
{
|
|
if ! sysctl security.mac.bsdextended
|
|
then kldload mac_bsdextended
|
|
if [ "$?" -ne "0" ]
|
|
then warn Unable to load the mac_bsdextended module.
|
|
return 1
|
|
else
|
|
return 0
|
|
fi
|
|
fi
|
|
return 0
|
|
}
|
|
|
|
ugidfw_start()
|
|
{
|
|
# check for existing profiles and set the default policy script
|
|
# if none was specified
|
|
[ -z "${bsdextended_profiles}" ] && {
|
|
bsdextended_profiles=default
|
|
[ -z "${bsdextended_script}" ] && bsdextended_script=/etc/rc.bsdextended
|
|
bsdextended_default_script=/etc/rc.bsdextended
|
|
}
|
|
|
|
echo -n "Loading MAC bsdextended rules:"
|
|
for _bsdextended_profile in ${bsdextended_profiles}; do
|
|
eval bsdextended_script=\"\$bsdextended_${_bsdextended_profile}_script\"
|
|
ugidfw_load
|
|
done
|
|
echo '.'
|
|
}
|
|
|
|
ugidfw_stop()
|
|
{
|
|
# Disable the policy
|
|
#
|
|
kldunload mac_bsdextended
|
|
}
|
|
|
|
load_rc_config $name
|
|
run_rc_command "$1"
|