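#!/bin/sh
#
# rc.d script for the mac_bsdextended ("ugidfw") file system access policy.
# start: sources a rules script (default /etc/rc.bsdextended).
# stop:  removes every rule currently listed by ugidfw(8).
#
# The rules script is sourced into this shell, so everything in it runs with
# the privileges of this rc script (normally root). Keep that file owned by
# root and not writable by anyone else.

# PROVIDE: ugidfw
# REQUIRE: FILESYSTEMS
# BEFORE: LOGIN
# KEYWORD: nojail shutdown

. /etc/rc.subr

name="ugidfw"
desc="Firewall-like access controls for file system objects"
rcvar="ugidfw_enable"
start_cmd="ugidfw_start"
stop_cmd="ugidfw_stop"
# rc.subr loads this kernel module before the start command runs.
required_modules="mac_bsdextended"

# Source the rules script named by ${bsdextended_script} if it is readable.
# Silently does nothing otherwise; ugidfw_start reports that case.
ugidfw_load()
{
	if [ -r "${bsdextended_script}" ]; then
		. "${bsdextended_script}"
	fi
}

# Load the rule set.
# Globals: bsdextended_script (read; defaulted to /etc/rc.bsdextended when
#          empty or unset).
# Returns: 0 both when rules were sourced and when the script is missing, so
#          the exit status seen by callers is the same as before.
ugidfw_start()
{
	[ -z "${bsdextended_script}" ] && bsdextended_script=/etc/rc.bsdextended

	# An enabled service with no readable rules file enforces nothing.
	# Say so on the console and in syslog rather than starting silently
	# with an empty policy.
	if [ ! -r "${bsdextended_script}" ]; then
		warn "${bsdextended_script} is not readable; no MAC bsdextended rules loaded."
		return 0
	fi

	ugidfw_load
	# NOTE(review): printed whether or not the commands inside the rules
	# script succeeded; the script's own exit status is not checked here.
	echo "MAC bsdextended rules loaded."
}

# Flush the rule set.
# Reads security.mac.bsdextended.rule_count and, when it is above zero,
# removes each rule listed by "ugidfw list".
ugidfw_stop()
{
	local rulecount

	# Disable the policy
	#
	# Check for the existence of rules and flush them if needed.
	# sysctl -i prints nothing for an unknown OID, so an empty result is
	# treated as zero rules.
	rulecount=$(sysctl -in security.mac.bsdextended.rule_count)
	if [ "${rulecount:-0}" -gt 0 ]; then
		# Drop the first line of the listing, keep the first field of
		# each remaining line (the rule number) and remove the rules
		# highest number first, one ugidfw invocation per rule.
		ugidfw list | sed -n '2,$p' | cut -d ' ' -f 1 | sort -r -n |
		    xargs -n 1 ugidfw remove
		echo "MAC bsdextended rules flushed."
	fi
}

load_rc_config $name

# doesn't make sense to run in a svcj: nojail keyword
ugidfw_svcj="NO"

run_rc_command "$1"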