o Implement the stop_boot subroutine [1]. This subroutine can be used by

scripts in rc.d to stop rc(8) from booting into multi-user mode when
  a critical or severe error condition is encountered.

o Modify scripts in etc/rc.d that already implemented this functionality
  independently.

o Document it.

[1] - This subroutine was implemented in FreeBSD in rc.d/fsck. I moved it
      to rc.subr(8). Our version differs slightly in that it takes an
      optional argument to stop the boot even if "autoboot" is not set.

Obtained from: NetBSD
MFC after: 2 weeks

etc/rc.d/fsck

@@ -14,17 +14,6 @@ name="fsck"
 start_cmd="fsck_start"
 stop_cmd=":"
 
-stop_boot()
-{
-	#	Terminate the process (which may include the parent /etc/rc)
-	#	if booting directly to multiuser mode.
-	#
-	if [ "$autoboot" = yes ]; then
-		kill -TERM $$
-	fi
-	exit 1
-}
-
 fsck_start()
 {
 	if [ "$autoboot" = no ]; then

etc/rc.d/ipsec

@@ -26,15 +26,7 @@ ipsec_prestart()
 {
 	if [ ! -f "$ipsec_file" ]; then
 		warn "$ipsec_file not readable; ipsec start aborted."
-			#
-			# If booting directly to multiuser, send SIGTERM to
-			# the parent (/etc/rc) to abort the boot
-			#
-		if [ "$autoboot" = yes ]; then
-			echo "ERROR: ABORTING BOOT (sending SIGTERM to parent)!"
-			kill -TERM $$
-			exit 1
-		fi
+		stop_boot
 		return 1
 	fi
 	return 0

etc/rc.d/mountcritlocal

@@ -43,7 +43,7 @@ mountcritlocal_start()
 	*)
 		echo 'Mounting /etc/fstab filesystems failed,' \
 		    ' startup aborted'
-		kill -QUIT $$
+		stop_boot true
 		;;
 	esac
 }

etc/rc.d/mountlate

@@ -27,7 +27,7 @@ mountlate_start()
 	*)
 		echo 'Mounting /etc/fstab filesystems failed,' \
 		    ' startup aborted'
-		kill -QUIT $$
+		stop_boot true
 		;;
 	esac
 }

etc/rc.d/root

@@ -25,7 +25,7 @@ root_start()
 	*)
 		if ! mount -uw /; then
 			echo 'Mounting root filesystem rw failed, startup aborted'
-			/bin/kill -QUIT $$
+			stop_boot true
 		fi
 		;;
 	esac

etc/rc.subr

@@ -40,6 +40,7 @@
 #
 
 : ${rcvar_manpage:='rc.conf(5)'}
+: ${RC_PID:=$$}; export RC_PID
 
 #
 #	Operating System dependent/independent variables
@@ -161,6 +162,27 @@ reverse_list()
 	echo $_revlist
 }
 
+# stop_boot always
+#	If booting directly to multiuser or $always is enabled,
+#	send SIGTERM to the parent (/etc/rc) to abort the boot.
+#	Otherwise just exit.
+#
+stop_boot()
+{
+	local always
+
+	if [ -n "$1" ] && checkyesno $1; then
+		always=true
+	else
+		always=false
+	fi
+	if [ "$autoboot" = yes -o "$always" = true ]; then
+		echo "ERROR: ABORTING BOOT (sending SIGTERM to parent)!"
+		kill -TERM ${RC_PID}
+	fi
+	exit 1
+}
+
 #
 # mount_critical_filesystems type
 #	Go through the list of critical filesystems as provided in

share/man/man8/rc.8

@@ -35,7 +35,7 @@
 .\"     @(#)rc.8	8.2 (Berkeley) 12/11/93
 .\" $FreeBSD$
 .\"
-.Dd December 19, 2005
+.Dd May 18, 2007
 .Dt RC 8
 .Os
 .Sh NAME
@@ -249,16 +249,11 @@ Extreme care must be taken in using this, as the startup sequence will
 terminate if the script does.
 .It Pa bar
 Scripts that are sourced in a subshell.
-These can stop the boot if necessary with the following shell
-commands:
-.Bd -literal -offset indent
-if [ "$autoboot" = yes ]; then
-	kill -TERM $$
-fi
-exit 1
-.Ed
-.Pp
-Note that this should be used extremely sparingly!
+The boot does not stop if such a script terminates with a non-zero status,
+but a script can stop the boot if necessary by invoking the
+.Fn stop_boot
+function (from
+.Xr rc.subr 8 ).
 .El
 .Pp
 Each script should contain

share/man/man8/rc.subr.8

@@ -36,7 +36,7 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd December 27, 2006
+.Dd May 18, 2007
 .Dt RC.SUBR 8
 .Os
 .Sh NAME
@@ -833,6 +833,23 @@ otherwise source
 .Ar file
 into the current shell.
 .El
+.It Ic stop_boot Op Ar always
+Prevent booting to multiuser mode.
+If the
+.Sy autoboot
+variable is
+.Sq yes ,
+or
+.Ar always
+is
+.Sq true ,
+then a
+.Sy SIGTERM
+signal is sent to the parent
+process (which is assumed to be
+.Xr rc 8 ).
+Otherwise, the shell exits with status
+.Li 1 .
 .It Ic set_rcvar Op Ar base
 Set the variable name required to start a service.
 In