etc/rc.d/ugidfw

   1 #!/bin/sh
   2 #
   3 # $FreeBSD$
   4
   5 # PROVIDE: ugidfw
   6 # REQUIRE:
   7 # BEFORE: LOGIN
   8 # KEYWORD: nojail
   9
  10 . /etc/rc.subr
  11
  12 name="ugidfw"
  13 rcvar="ugidfw_enable"
  14 start_cmd="ugidfw_start"
  15 start_precmd="ugidfw_precmd"
  16 stop_cmd="ugidfw_stop"
  17
  18 ugidfw_load()
  19 {
  20         if [ -r "${bsdextended_script}" ]; then
  21                 . "${bsdextended_script}"
  22                 echo -n " ${_bsdextended_profile}"
  23         fi
  24 }
  25
  26 ugidfw_precmd()
  27 {
  28         if ! sysctl security.mac.bsdextended
  29           then kldload mac_bsdextended
  30             if [ "$?" -ne "0" ]
  31               then warn Unable to load the mac_bsdextended module.
  32               return 1
  33         else
  34           return 0
  35           fi
  36         fi
  37         return 0
  38 }
  39
  40 ugidfw_start()
  41 {
  42         # check for existing profiles and set the default policy script
  43         # if none was specified
  44         [ -z "${bsdextended_profiles}" ] && {
  45           bsdextended_profiles=default
  46           [ -z "${bsdextended_script}" ] && bsdextended_script=/etc/rc.bsdextended
  47           bsdextended_default_script=/etc/rc.bsdextended
  48         }
  49
  50         echo -n "Loading MAC bsdextended rules:"
  51         for _bsdextended_profile in ${bsdextended_profiles}; do
  52           eval bsdextended_script=\"\$bsdextended_${_bsdextended_profile}_script\"
  53           ugidfw_load
  54         done
  55         echo '.'
  56 }
  57
  58 ugidfw_stop()
  59 {
  60         # Disable the policy
  61         #
  62         kldunload mac_bsdextended
  63 }
  64
  65 load_rc_config $name
  66 run_rc_command "$1"