etc/rc.d/ugidfw

   1 #!/bin/sh
   2 #
   3 # $FreeBSD$
   4
   5 # PROVIDE: ugidfw
   6 # REQUIRE: FILESYSTEMS
   7 # BEFORE: LOGIN
   8 # KEYWORD: nojail shutdown
   9
  10 . /etc/rc.subr
  11
  12 name="ugidfw"
  13 rcvar="ugidfw_enable"
  14 start_cmd="ugidfw_start"
  15 stop_cmd="ugidfw_stop"
  16 required_modules="mac_bsdextended"
  17
  18 ugidfw_load()
  19 {
  20         if [ -r "${bsdextended_script}" ]; then
  21                 . "${bsdextended_script}"
  22         fi
  23 }
  24
  25 ugidfw_start()
  26 {
  27         [ -z "${bsdextended_script}" ] && bsdextended_script=/etc/rc.bsdextended
  28
  29         if [ -r "${bsdextended_script}" ]; then
  30                 ugidfw_load
  31                 echo "MAC bsdextended rules loaded."
  32         fi
  33 }
  34
  35 ugidfw_stop()
  36 {
  37         local rulecount
  38
  39         # Disable the policy
  40         #
  41         # Check for the existence of rules and flush them if needed.
  42         rulecount=$(sysctl -in security.mac.bsdextended.rule_count)
  43         if [ ${rulecount:-0} -gt 0 ]; then
  44                 ugidfw list | sed -n '2,$p' | cut -d ' ' -f 1 | sort -r -n |
  45                     xargs -n 1 ugidfw remove
  46                 echo "MAC bsdextended rules flushed."
  47         fi
  48 }
  49
  50 load_rc_config $name
  51 run_rc_command "$1"