Feature Request: /usr/local/etc/rc.conf support

[Ted Cabeen]

"Scot W. Hetzel" <hetzelsw at westbend.net> writes:

> From: "Ted Cabeen" <secabeen at pobox.com>
>> The system securelevel is set in the /etc/rc.conf file.  To prevent an
>> attacker from changing the securelevel defined there and then
>> rebooting the machine, I set the /etc/rc.conf file to be immutable.
>> However, I'd like to be able to install new ports and have them start
>> automatically without having to boot to single-user to modify rc.conf
>> (or any other configuration file equivalent to rc.conf).
>>
> We don't need a /usr/local/etc/rc.conf file to be used by ports only.
> Instead rc.subr has the ability to load a file for each script from
> /etc/rc.conf.d.  You will need to create the /etc/rc.conf.d directory, and
> then create individual files for the script that that you want to change the
> settings for.
>
> These files are named after the $name variable in each script.

This looks like it might work for my needs, but I have a few questions.

When would these files be loaded in the boot process, right before the
service they're named after, or all at once at the beginning?

Would they be run in the same process space as the rest of the rc
system?  If so, how do we unset the environment variables set in each
script after the script has been run through?

My main concern is having a configuration file that can be used to
define environment variables that are used for ports only and which
don't leak into the boot sequence environment.

-- 
Ted Cabeen           http://www.pobox.com/~secabeen            ted at impulse.net 
Check Website or Keyserver for PGP/GPG Key BA0349D2         secabeen at pobox.com
"I have taken all knowledge to be my province." -F. Bacon  secabeen at cabeen.org
"Human kind cannot bear very much reality."-T.S.Eliot        cabeen at netcom.com