ugidfw revision 144515
178344Sobrien#!/bin/sh 278344Sobrien# 398184Sgordon# $FreeBSD: head/etc/rc.d/ugidfw 144515 2005-04-02 00:01:03Z trhodes $ 498184Sgordon 578344Sobrien# PROVIDE: ugidfw 678344Sobrien# REQUIRE: 778344Sobrien# BEFORE: LOGIN 898184Sgordon# KEYWORD: nojail 998184Sgordon 1098184Sgordon. /etc/rc.subr 1178344Sobrien 1278344Sobrienname="ugidfw" 1378344Sobrienrcvar="ugidfw_enable" 1478344Sobrienstart_cmd="ugidfw_start" 1578344Sobrienstart_precmd="ugidfw_precmd" 1698184Sgordonstop_cmd="ugidfw_stop" 1798184Sgordon 1898184Sgordonugidfw_load() 1998184Sgordon{ 2098184Sgordon if [ -r "${bsdextended_script}" ]; then 2198184Sgordon . "${bsdextended_script}" 2298184Sgordon echo -n " ${_bsdextended_profile}" 2398184Sgordon fi 2498184Sgordon} 2598184Sgordon 2698184Sgordonugidfw_precmd() 2798184Sgordon{ 2898184Sgordon if ! sysctl security.mac.bsdextended 2998184Sgordon then kldload mac_bsdextended 3098184Sgordon if [ "$?" -ne "0" ] 3198184Sgordon then warn Unable to load the mac_bsdextended module. 3298184Sgordon return 1 3378344Sobrien else 3478344Sobrien return 0 3578344Sobrien fi 3678344Sobrien fi 3798184Sgordon return 0 3878344Sobrien} 3978344Sobrien 4078344Sobrienugidfw_start() 4178344Sobrien{ 4278344Sobrien # check for existing profiles and set the default policy script 4398184Sgordon # if none was specified 4478344Sobrien [ -z "${bsdextended_profiles}" ] && { 4578344Sobrien bsdextended_profiles=default 4678344Sobrien [ -z "${bsdextended_script}" ] && bsdextended_script=/etc/rc.bsdextended 47 bsdextended_default_script=/etc/rc.bsdextended 48 } 49 50 echo -n "Loading MAC bsdextended rules:" 51 for _bsdextended_profile in ${bsdextended_profiles}; do 52 eval bsdextended_script=\"\$bsdextended_${_bsdextended_profile}_script\" 53 ugidfw_load 54 done 55 echo '.' 56} 57 58ugidfw_stop() 59{ 60 # Disable the policy 61 # 62 kldunload mac_bsdextended 63} 64 65load_rc_config $name 66run_rc_command "$1" 67