Allow LOMAC to be loaded as part of the boot scripts using "lomac_enable"

setting in rc.conf. Extracted from the still clammy hands of: green Sponsored by: DARPA, NAI Labs
2002-03-12 21:47:31 +00:00 · 2002-03-12 21:47:31 +00:00 · 02ff3db358
commit 02ff3db358
parent 5ccd83be46
2 changed files with 8 additions and 0 deletions
--- a/etc/defaults/rc.conf
+++ b/etc/defaults/rc.conf
@ -365,6 +365,7 @@ ldconfig_paths_aout="/usr/lib/compat/aout /usr/X11R6/lib/aout /usr/local/lib/aou
 			# a.out shared library search paths
 kern_securelevel_enable="NO"	# kernel security level (see init(8)),
 kern_securelevel="-1"	# range: -1..3 ; `-1' is the most insecure
+lomac_enable="NO"	# start lomac(4) security module at boot
 update_motd="YES"	# update version info in /etc/motd (or NO)
 start_vinum="NO"	# set to YES to start vinum
 unaligned_print="YES"	# print unaligned access warnings on the alpha (or NO).
--- a/etc/rc
+++ b/etc/rc
@ -521,6 +521,13 @@ rm -f /tmp/.X*-lock /tmp/.X11-unix/*
 # Snapshot any kernel -c changes back to disk here <someday>.
 # This has changed with ELF and /kernel.config.

+# Load LOMAC(4) security if wanted.
+case ${lomac_enable} in
+[Yy][Ee][Ss])
+	kldload lomac >/dev/null 2>&1
+	;;
+esac
+
 echo -n 'Additional daemons:'

 # Start system logging and name service.  Named needs to start before syslogd