[src/netbsd-3]: src/etc Pull up following revision(s) (requested by elad in t...

[tron <tron%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/dce632668169
branches:  netbsd-3
changeset: 577389:dce632668169
user:      tron <tron%NetBSD.org@localhost>
date:      Fri Oct 21 13:12:52 2005 +0000

description:
Pull up following revision(s) (requested by elad in ticket #896):
        etc/defaults/rc.conf: revision 1.70
        etc/rc.d/veriexec: revision 1.8
Load Veriexec signatures after mountall. Use veriexec_strict and
veriexec_verbose to set strict level and verbose level in rc.conf.
Defaults are 0.

diffstat:

 etc/defaults/rc.conf |   4 +++-
 etc/rc.d/veriexec    |  11 ++++++++---
 2 files changed, 11 insertions(+), 4 deletions(-)

diffs (45 lines):

diff -r 6236f33f8e36 -r dce632668169 etc/defaults/rc.conf
--- a/etc/defaults/rc.conf      Fri Oct 21 13:09:03 2005 +0000
+++ b/etc/defaults/rc.conf      Fri Oct 21 13:12:52 2005 +0000
@@ -1,4 +1,4 @@
-#      $NetBSD: rc.conf,v 1.63.2.1 2005/08/15 19:02:55 tron Exp $
+#      $NetBSD: rc.conf,v 1.63.2.2 2005/10/21 13:12:52 tron Exp $
 #
 # /etc/defaults/rc.conf --
 #      default configuration of /etc/rc.conf
@@ -335,3 +335,5 @@
 # Verified exec signature loading.
 #
 veriexec=NO
+veriexec_strict=0
+veriexec_verbose=0
diff -r 6236f33f8e36 -r dce632668169 etc/rc.d/veriexec
--- a/etc/rc.d/veriexec Fri Oct 21 13:09:03 2005 +0000
+++ b/etc/rc.d/veriexec Fri Oct 21 13:12:52 2005 +0000
@@ -1,11 +1,11 @@
 #!/bin/sh
 #
-#      $NetBSD: veriexec,v 1.3.2.4 2005/10/21 12:35:26 tron Exp $
+#      $NetBSD: veriexec,v 1.3.2.5 2005/10/21 13:12:52 tron Exp $
 #
 
 # PROVIDE: veriexec
-# REQUIRE: mountcritlocal
-# BEFORE:  securelevel sysctl
+# REQUIRE: mountall
+# BEFORE: ldconfig
 
 $_rc_subr_loaded . /etc/rc.subr
 
@@ -18,6 +18,11 @@
        echo -n "Loading fingerprints..."
        /sbin/veriexecctl load /etc/signatures
        echo " done."
+
+       # We can't set these before loading the fingerprints, because
+       # raising the strict level can prevent us from doing the load.
+       /sbin/sysctl -w kern.veriexec.strict=$veriexec_strict
+       /sbin/sysctl -w kern.veriexec.verbose=$veriexec_verbose
 }
 
 load_rc_config $name