Date: Thu, 21 Aug 2014 22:54:29 +0000
From: bugzilla-noreply@freebsd.org
To: freebsd-rc@FreeBSD.org
Subject: [Bug 145009] [patch] rc.subr(8): rc.conf should allow mac label configuration
Message-ID: <bug-145009-4805-v0bi6GNMRH@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-145009-4805@https.bugs.freebsd.org/bugzilla/>
References: <bug-145009-4805@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=145009

--- Comment #3 from ta0kira@gmail.com ---
Here is a more general solution that involves setting the login class and
processing /etc/login.conf. It relies on the program attached to bug 192900
(https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=192900), which processes
/etc/login.conf and optionally sets the MAC label.

The attached patch modifies /etc/rc.subr so that it by default applies the
"daemon" login class when running an rc.d script, with possible exceptions made
in the new file /etc/rc.exempt. Each line specifies the full path name of an
rc.d script (e.g., /etc/rc.d/sshd), and an optional login class following a
colon (e.g., /etc/rc.d/sshd:sshd, for login class "sshd"). If no login class is
specified, "default" is used.

So, with the rc.subr patch, sshd would be: by default, run under login class
"daemon"; run under login class "default" if "/etc/rc.d/sshd" is in
/etc/rc.exempt; and run under login class "sshd" if "/etc/rc.d/sshd:sshd" is in
/etc/rc.exempt.

This isn't a perfect solution, but it's a start. Note that 'eval "$(set)"'
(line 50 of the patch) isn't ideal, but it seems to be necessary, since some
rc.d scripts (e.g., fsck) assume that they're going to be sourced, rather than
executed.

-- 
You are receiving this mail because:
You are the assignee for the bug.
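
Added example, not part of the message above or of the attached patch: a POSIX sh sketch of the /etc/rc.exempt lookup that the comment describes, using exact path matching so one script's entry cannot apply to another. The function name rc_login_class, the skipping of blank lines and "#" comments, the treatment of an empty class as "default", and the class-name character check are assumptions.

```shell
#!/bin/sh
# Added example; rc_login_class is a hypothetical name, not from the patch.
# rc_login_class SCRIPT [EXEMPT_FILE]: prints the login class for SCRIPT.
rc_login_class() {
    _script=$1
    _file=${2:-/etc/rc.exempt}
    _class=daemon                      # not listed: run under "daemon"
    if [ -r "$_file" ]; then
        while IFS= read -r _line || [ -n "$_line" ]; do
            # Assumption: blank lines and "#" comments are ignored.
            case $_line in
                ''|'#'*) continue ;;
            esac
            _path=${_line%%:*}         # text before the first colon
            # Exact comparison: an entry for /etc/rc.d/sshd must not
            # apply to a script whose path merely starts the same way.
            [ "$_path" = "$_script" ] || continue
            case $_line in
                *:*) _class=${_line#*:} ;;   # class given after the colon
                *)   _class=default ;;       # listed without a class
            esac
            [ -n "$_class" ] || _class=default   # "path:" (assumption)
            break
        done < "$_file"
    fi
    # Assumption: refuse class names with characters outside [A-Za-z0-9_-].
    case $_class in
        *[!A-Za-z0-9_-]*) echo "invalid login class in $_file" >&2; return 1 ;;
    esac
    printf '%s\n' "$_class"
}

# Constructed sample file, for demonstration only.
_demo=$(mktemp)
printf '%s\n' '/etc/rc.d/sshd:sshd' '/etc/rc.d/fsck' > "$_demo"
for _s in /etc/rc.d/sshd /etc/rc.d/fsck /etc/rc.d/cron; do
    printf '%s -> %s\n' "$_s" "$(rc_login_class "$_s" "$_demo")"
done
rm -f "$_demo"
```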