[Bug 145009] [patch] rc.subr(8): rc.conf should allow mac label configuration

[bugzilla-noreply at freebsd.org]

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=145009

--- Comment #3 from ta0kira at gmail.com ---
Here is a more general solution that involves setting the login class and
processing /etc/login.conf. It relies on the program attached to bug 192900
(https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=192900), which processes
/etc/login.conf and optionally sets the MAC label.

The attached patch modifies /etc/rc.subr so that it by default applies the
"daemon" login class when running an rc.d script, with possible exceptions made
in the new file /etc/rc.exempt. Each line specifies the full path name of an
rc.d script (e.g., /etc/rc.d/sshd), and an optional login class following a
colon (e.g., /etc/rc.d/sshd:sshd, for login class "sshd"). If no login class is
specified, "default" is used. So, with the rc.subr patch, sshd would be; by
default, run under login class "daemon"; run under login class "default" if
"/etc/rc.d/sshd" is in /etc/rc.exempt; and run under login class "sshd" if
"/etc/rc.d/sshd:sshd" is in /etc/rc.exempt.

This isn't a perfect solution, but it's a start. Note that 'eval "$(set)"'
(line 50 of the patch) isn't ideal, but it seems to be necessary, since some
rc.d scripts (e.g., fsck) assume that they're going to be sourced, rather than
executed.

-- 
You are receiving this mail because:
You are the assignee for the bug.