Only look for the kernel module if not jailed.

KLD-related system calls have been hardened to disallow jailed users
from seeing any KLD information.

Signed-off-by:	Shawn Webb <shawn.webb@hardenedbsd.org>
github-issue:	#34
master
Shawn Webb 3 years ago
commit
923ad09a11
No known key found for this signature in database
1 changed files with 8 additions and 2 deletions
etc/rc.d/secadm

@@ -46,14 +46,20 @@ command_args="load ${secadm_rules}"

secadm_prestart()
{
local jailed

jailed=$(sysctl -n security.jail.jailed)

if [ ! -f ${secadm_rules} ]
then
echo "missing rules file: ${secadm_rules}"
return 1
fi

if ! /sbin/kldstat -qm secadm; then
/sbin/kldload secadm
if [ ${jailed} -eq 0 ]; then
if ! /sbin/kldstat -qm secadm; then
/sbin/kldload secadm
fi
fi
}
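
Review bot: the new test [ ${jailed} -eq 0 ] expands the variable unquoted, so if the sysctl call at the top of secadm_prestart prints nothing, the test becomes [ -eq 0 ], which errors and evaluates false, and the kldstat/kldload step is skipped silently on a host that is not jailed. Quote the expansion and pick an explicit fallback, for example [ "${jailed:-0}" -eq 0 ], so that an empty value falls back to the previous behaviour of checking for the module. The sysctl call is also the only command in the function invoked without an absolute path, while kldstat and kldload both use /sbin/; calling /sbin/sysctl would keep that consistent. A one-line comment above the jailed test saying that KLD system calls return nothing inside a jail would preserve the reasoning from the commit message in the script itself.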

