NetBSD/etc/rc.d/securelevel

#!/bin/sh
#
# $NetBSD: securelevel,v 1.8 2009/12/29 17:06:10 elad Exp $
#

# PROVIDE: securelevel
# REQUIRE: ipnat mountd
# BEFORE:  DAEMON

$_rc_subr_loaded . /etc/rc.subr

name="securelevel"
start_cmd="securelevel_start"
stop_cmd=":"

securelevel_start()
{
	#	if $securelevel is set higher, change it here, else if
	#	it is 0, change it to 1 here, before we start daemons
	#	or login services.
	#
	osecurelevel=$(sysctl -n kern.securelevel 2>&-)
	if [ $? != 0 ]; then
		echo "Can't set securelevel. (kern.securelevel sysctl not present.)"
		exit 1
	fi

	if [ -n "$securelevel" -a "$securelevel" != "$osecurelevel" ]; then
		if [ "$securelevel" -lt "$osecurelevel" ]; then
			echo "Can't lower securelevel."
			exit 1
		else
			echo -n "Setting securelevel: "
			sysctl -w kern.securelevel=$securelevel
		fi
	else
		if [ "$osecurelevel" = 0 ]; then
			echo -n "Setting securelevel: "
			sysctl -w kern.securelevel=1
		fi
 	fi
}

load_rc_config $name
run_rc_command "$1"
migrate raising of securelevel from sysctl to separate securelevel script. the latter depends upon aftermountlkm (but is required by DAEMON), so that lkms may be loaded before the securelevel is raised. noted by Rafal Boni <rafal@mediaone.net> in [bin/10780] 2000-08-22 03:31:24 +04:00			`#!/bin/sh`
			`#`
Securelevel might not be present, properly complain instead of printing error messages from sysctl(8). 2009-12-29 20:06:10 +03:00			`# $NetBSD: securelevel,v 1.8 2009/12/29 17:06:10 elad Exp $`
migrate raising of securelevel from sysctl to separate securelevel script. the latter depends upon aftermountlkm (but is required by DAEMON), so that lkms may be loaded before the securelevel is raised. noted by Rafal Boni <rafal@mediaone.net> in [bin/10780] 2000-08-22 03:31:24 +04:00			`#`

			`# PROVIDE: securelevel`
Remove LKMs and switch to the module framework, pass 1. Proposed on tech-kern@. 2008-11-12 15:35:50 +03:00			`# REQUIRE: ipnat mountd`
Correct the "direction" of the barrier dependencies (DAEMON, LOGIN, NETWORKING, and SERVERS) by specifying that certain things should come BEFORE a given barrier, rather than having the barrier REQUIRE a service. This allows scripts to be removed without having to edit the barrier dependencies. As discussed on tech-userlevel, and approved by Luke. 2002-03-22 07:33:57 +03:00			`# BEFORE: DAEMON`
migrate raising of securelevel from sysctl to separate securelevel script. the latter depends upon aftermountlkm (but is required by DAEMON), so that lkms may be loaded before the securelevel is raised. noted by Rafal Boni <rafal@mediaone.net> in [bin/10780] 2000-08-22 03:31:24 +04:00
Add an _rc_subr_loaded variable, set to ":" by rc.subr. Scripts can use this for a speedup by doing: $_rc_subr_loaded . /etc/rc.subr 2004-08-13 22:08:03 +04:00			`$_rc_subr_loaded . /etc/rc.subr`
migrate raising of securelevel from sysctl to separate securelevel script. the latter depends upon aftermountlkm (but is required by DAEMON), so that lkms may be loaded before the securelevel is raised. noted by Rafal Boni <rafal@mediaone.net> in [bin/10780] 2000-08-22 03:31:24 +04:00
			`name="securelevel"`
			`start_cmd="securelevel_start"`
			`stop_cmd=":"`

			`securelevel_start()`
			`{`
clean up a little: - don't set the securelevel to the same thing - don't try to lower the securelevel inspired by PR#13647 2002-03-01 20:58:00 +03:00			`# if $securelevel is set higher, change it here, else if`
			`# it is 0, change it to 1 here, before we start daemons`
			`# or login services.`
migrate raising of securelevel from sysctl to separate securelevel script. the latter depends upon aftermountlkm (but is required by DAEMON), so that lkms may be loaded before the securelevel is raised. noted by Rafal Boni <rafal@mediaone.net> in [bin/10780] 2000-08-22 03:31:24 +04:00			`#`
Securelevel might not be present, properly complain instead of printing error messages from sysctl(8). 2009-12-29 20:06:10 +03:00			`osecurelevel=$(sysctl -n kern.securelevel 2>&-)`
			`if [ $? != 0 ]; then`
			`echo "Can't set securelevel. (kern.securelevel sysctl not present.)"`
			`exit 1`
			`fi`

clean up a little: - don't set the securelevel to the same thing - don't try to lower the securelevel inspired by PR#13647 2002-03-01 20:58:00 +03:00			`if [ -n "$securelevel" -a "$securelevel" != "$osecurelevel" ]; then`
			`if [ "$securelevel" -lt "$osecurelevel" ]; then`
			`echo "Can't lower securelevel."`
			`exit 1`
			`else`
			`echo -n "Setting securelevel: "`
			`sysctl -w kern.securelevel=$securelevel`
			`fi`
migrate raising of securelevel from sysctl to separate securelevel script. the latter depends upon aftermountlkm (but is required by DAEMON), so that lkms may be loaded before the securelevel is raised. noted by Rafal Boni <rafal@mediaone.net> in [bin/10780] 2000-08-22 03:31:24 +04:00			`else`
clean up a little: - don't set the securelevel to the same thing - don't try to lower the securelevel inspired by PR#13647 2002-03-01 20:58:00 +03:00			`if [ "$osecurelevel" = 0 ]; then`
migrate raising of securelevel from sysctl to separate securelevel script. the latter depends upon aftermountlkm (but is required by DAEMON), so that lkms may be loaded before the securelevel is raised. noted by Rafal Boni <rafal@mediaone.net> in [bin/10780] 2000-08-22 03:31:24 +04:00			`echo -n "Setting securelevel: "`
			`sysctl -w kern.securelevel=1`
			`fi`
			`fi`
			`}`

			`load_rc_config $name`
			`run_rc_command "$1"`