Unverified Commit 923ad09a authored by Shawn Webb's avatar Shawn Webb
Browse files

Only look for the kernel module if not jailed.



KLD-related system calls have been hardened to disallow jailed users
from seeing any KLD information.

Signed-off-by: Shawn Webb's avatarShawn Webb <shawn.webb@hardenedbsd.org>
github-issue:	#34
parent 2a03aba1
......@@ -46,15 +46,21 @@ command_args="load ${secadm_rules}"
secadm_prestart()
{
local jailed
jailed=$(sysctl -n security.jail.jailed)
if [ ! -f ${secadm_rules} ]
then
echo "missing rules file: ${secadm_rules}"
return 1
fi
if [ ${jailed} -eq 0 ]; then
if ! /sbin/kldstat -qm secadm; then
/sbin/kldload secadm
fi
fi
}
secadm_stop()
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment