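#!/bin/sh
#
# $FreeBSD$

# PROVIDE: ugidfw
# REQUIRE: FILESYSTEMS
# BEFORE: LOGIN
# KEYWORD: nojail shutdown

# rc.d script for the mac_bsdextended(4) file system firewall.
# "start" loads rules by sourcing ${bsdextended_script}; "stop" flushes the
# rules that are currently loaded.

. /etc/rc.subr

name="ugidfw"
desc="Firewall-like access controls for file system objects"
rcvar="ugidfw_enable"
start_cmd="ugidfw_start"
stop_cmd="ugidfw_stop"
required_modules="mac_bsdextended"

# Source the rules script into the current shell, if it is readable.
#
# The file is sourced rather than parsed, so every command in it runs with
# the privileges of this rc script. Keep it owned by root and not writable
# by anyone else: write access to it is equivalent to code execution here.
ugidfw_load()
{
	if [ -r "${bsdextended_script}" ]; then
		. "${bsdextended_script}"
	fi
}

# Load the rule set, defaulting the script path to /etc/rc.bsdextended.
#
# When the script cannot be read, no rules are loaded. That case is reported
# through warn instead of passing silently, because an enabled service with
# an empty rule set enforces nothing. The start itself is still not failed.
ugidfw_start()
{
	[ -z "${bsdextended_script}" ] && bsdextended_script=/etc/rc.bsdextended

	if [ -r "${bsdextended_script}" ]; then
		ugidfw_load
		echo "MAC bsdextended rules loaded."
	else
		warn "${bsdextended_script} is not readable; no MAC bsdextended rules loaded."
	fi
}

# Flush every loaded rule. This function does not unload the
# mac_bsdextended module; it only empties the rule list.
ugidfw_stop()
{
	local rulecount

	# Check for the existence of rules and flush them if needed.
	# An empty sysctl result (-i: unknown OID) counts as zero rules.
	rulecount=$(sysctl -in security.mac.bsdextended.rule_count)
	if [ "${rulecount:-0}" -gt 0 ]; then
		# Skip the first line of "ugidfw list", keep the first field of
		# each remaining line (passed to "ugidfw remove" as the rule
		# number), and remove the rules one by one, highest number first.
		ugidfw list | sed -n '2,$p' | cut -d ' ' -f 1 | sort -r -n |
		    xargs -n 1 ugidfw remove
		echo "MAC bsdextended rules flushed."
	fi
}

load_rc_config "$name"
run_rc_command "$1"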