Move rc startup scripts from etc/ to sbin/init/
[FreeBSD/FreeBSD.git] / sbin / init / rc.d / ugidfw
1 #!/bin/sh
2 #
3 # $FreeBSD$
4
5 # PROVIDE: ugidfw
6 # REQUIRE: FILESYSTEMS
7 # BEFORE: LOGIN
8 # KEYWORD: nojail shutdown
9
10 . /etc/rc.subr
11
# rc.subr service definition for the ugidfw (mac_bsdextended) rule loader.
name=ugidfw
rcvar=ugidfw_enable
desc='Firewall-like access controls for file system objects'

# Kernel module that rc.subr must have loaded before the handlers below run.
required_modules=mac_bsdextended

# Custom handlers: "start" sources the rules script, "stop" removes the
# rules currently installed.
start_cmd=ugidfw_start
stop_cmd=ugidfw_stop
18
# Source the rules script named by ${bsdextended_script}, if it is readable.
#
# Globals:   bsdextended_script (read) - path of the rules script
# Returns:   0 when the file is not readable; otherwise the status of the
#            last command run by the sourced script.
#
# NOTE(review): the file is sourced into this rc script's own shell, so
# whatever it contains runs with the privileges of the rc system.  It should
# be owned by root and not writable by anyone else; nothing here checks
# ownership or mode.
ugidfw_load()
{
        # An unreadable or missing rules file is not treated as an error.
        [ -r "${bsdextended_script}" ] || return 0

        . "${bsdextended_script}"
}
25
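# start_cmd handler: load the MAC bsdextended rules from the rules script.
#
# Globals:   bsdextended_script (read/written) - path of the rules script;
#            defaults to /etc/rc.bsdextended when unset or empty
# Outputs:   a confirmation line on stdout when the script was sourced,
#            a warning (via rc.subr's warn) when it could not be read
# Returns:   0 in both cases, so an absent rules file does not fail "start"
ugidfw_start()
{
        # Fall back to the stock location when rc.conf does not set one.
        : "${bsdextended_script:=/etc/rc.bsdextended}"

        if [ -r "${bsdextended_script}" ]; then
                ugidfw_load
                # NOTE(review): printed regardless of the status returned by
                # the sourced script, so it does not prove every rule in the
                # file was accepted.
                echo "MAC bsdextended rules loaded."
        else
                # Without this the service reports a clean start although
                # this script installed no rules at all, which is easy to
                # miss on a host that relies on them.
                warn "${bsdextended_script} is not readable; no MAC bsdextended rules loaded"
                return 0
        fi
}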
35
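# stop_cmd handler: remove every MAC bsdextended rule currently installed.
#
# This does not unload or disable the policy module; it only empties the
# rule list, so after "stop" the rules no longer restrict any access.
#
# Outputs:   a confirmation line on stdout when the rules were removed,
#            a warning (via rc.subr's warn) when a removal failed
# Returns:   0 when there was nothing to remove or all removals succeeded,
#            1 when at least one "ugidfw remove" failed
ugidfw_stop()
{
        local rulecount

        # -i keeps sysctl quiet when the OID does not exist (module not
        # loaded); the empty result is then treated as zero rules below.
        rulecount=$(sysctl -in security.mac.bsdextended.rule_count)
        if [ "${rulecount:-0}" -gt 0 ]; then
                # Skip the first line of "ugidfw list" (assumed to be a
                # summary header - confirm), keep the rule number from each
                # remaining line and remove the rules highest number first.
                if ugidfw list | sed -n '2,$p' | cut -d ' ' -f 1 | sort -r -n |
                    xargs -n 1 ugidfw remove; then
                        echo "MAC bsdextended rules flushed."
                else
                        # Do not claim the rule set is empty when xargs
                        # reported a failed removal.
                        warn "failed to remove one or more MAC bsdextended rules"
                        return 1
                fi
        fi
}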
50
# Read the rc.conf settings for this service, then hand the requested
# action (first script argument) to rc.subr's dispatcher.
load_rc_config "${name}"
run_rc_command "$1"