mirror of
https://github.com/opnsense/src.git
synced 2026-05-15 18:49:57 -04:00
4ee2bcb486
/etc/rc.d/securelevel is supposed to run /etc/rc.d/sysctl lastload
late at boot time to apply /etc/sysctl.conf settings that fail
to apply early. However, this does not work in default configuration
because of kern_securelevel_enable="NO" by default.
Add new script /etc/rc.d/sysctl_lastload that starts unconditionally.
Reported by: Marek Zarychta
(cherry picked from commit f4b38c360e)
26 lines
440 B
Bash
Executable file
26 lines
440 B
Bash
Executable file
#!/bin/sh
|
|
#
|
|
# $FreeBSD$
|
|
#
|
|
|
|
# PROVIDE: securelevel
|
|
# REQUIRE: adjkerntz ipfw pf sysctl_lastload
|
|
|
|
. /etc/rc.subr
|
|
|
|
name="securelevel"
|
|
desc="Securelevel configuration"
|
|
rcvar='kern_securelevel_enable'
|
|
start_cmd="securelevel_start"
|
|
stop_cmd=":"
|
|
|
|
securelevel_start()
|
|
{
|
|
if [ ${kern_securelevel} -ge 0 ]; then
|
|
echo 'Raising kernel security level: '
|
|
${SYSCTL} kern.securelevel=${kern_securelevel}
|
|
fi
|
|
}
|
|
|
|
load_rc_config $name
|
|
run_rc_command "$1"
|