mirror of
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD.git
synced 2024-12-28 05:55:27 +01:00
c21ae3a403
This has the following advantages:
- During boot, the BOOT_TIME record is now written right after the file systems become writable, but before users are allowed to log in. This means that they can't cause `hidden logins' by logging in right before init(8) kicks in.
- The pututxline(3) function may potentially block on file locking, though this rarely occurs. By placing it in an rc script, the user can still kill it with ^C if needed.
- Most importantly: jails don't use init(8). This means that a forced reboot of a system running jails will leave stale entries in the accounting database of the jails individually.
#!/bin/sh
#
# $FreeBSD$
#

# PROVIDE: cleanvar
# REQUIRE: FILESYSTEMS var

# rc.d script that empties /var/run and /var/spool/lock.  The work is done
# by the functions defined below; this preamble only wires them into the
# rc.subr framework.
. /etc/rc.subr

name="cleanvar"
rcvar="cleanvar_enable"

# "start": cleanvar_prestart removes the marker files, then cleanvar_start
# purges the directories and recreates the markers.
start_precmd="cleanvar_prestart"
start_cmd="cleanvar_start"

# Nothing to undo on shutdown.
stop_cmd=":"

# "reload" re-enters cleanvar_start directly.
# NOTE(review): no reload_precmd is set, so presumably the markers are still
# present on reload and an already-purged directory is left alone -- confirm
# against rc.subr.
extra_commands="reload"
reload_cmd="cleanvar_start"
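# purgedir [dir ...]
#
# Recursively delete every non-directory entry below each named directory
# (the current directory when called without arguments).  Directories,
# including the named ones, are kept; only their contents are removed.
#
# Safety properties a reviewer should be able to rely on:
#   - Symbolic links are unlinked, never descended into, so a link that
#     points outside the tree cannot redirect the purge.
#   - Sockets named "log" or "logpriv" are preserved at any depth.
#   - Nothing is deleted when cd into a directory fails.
#
# NOTE(review): the directory/symlink test and the later cd are separate
# steps, so the symlink guarantee only holds while nothing else is changing
# the tree.  The script is ordered right after FILESYSTEMS/var, but "reload"
# can run it later -- confirm that is acceptable.
#
# Returns the status of the last directory processed.
purgedir()
{
	local dir file

	if [ $# -eq 0 ]; then
		purgedir .
	else
		for dir
		do
			# Always hand cd a path.  Without the "./" prefix an
			# entry named "-" means "previous directory" to cd, a
			# name starting with "-" is parsed as an option, and a
			# plain relative name may be looked up through CDPATH.
			case "$dir" in
			/*|./*|../*)	;;
			*)		dir="./$dir" ;;
			esac
		(
			# The subshell confines the cd; "&&" skips the whole
			# loop if the directory cannot be entered.
			cd "$dir" && for file in .* *
			do
				case "$file" in
				.|..)
					continue
					;;
				log|logpriv)
					# Skip over logging sockets
					[ -S "$file" ] && continue
					;;
				esac
				# Separate tests joined with && instead of the
				# obsolescent "-a": file names are not under
				# our control and must not be able to change
				# how the expression is parsed.
				if [ -d "$file" ] && [ ! -L "$file" ]
				then
					purgedir "$file"
				else
					rm -f -- "$file"
				fi
			done
		)
		done
	fi
}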
# Pre-start hook: remove the marker files that cleanvar_start leaves behind
# after a purge, so that the purge is performed again.
cleanvar_prestart()
{
	# The markers may only be dropped on the first run of this script
	# during boot; later runs must still find them in place.
	rm -f \
	    /var/run/clean_var \
	    /var/spool/lock/clean_var
}
# Purge /var/run and /var/spool/lock once each, then clear the UUCP
# temporary area.  A directory is purged only when it exists and does not
# yet contain a "clean_var" marker; the marker is created right after the
# purge so that a later invocation leaves the directory alone.
# Returns the status of the final rm.
cleanvar_start ()
{
	local statedir

	for statedir in /var/run /var/spool/lock; do
		if [ -d "$statedir" ] && [ ! -f "$statedir/clean_var" ]; then
			purgedir "$statedir"
			# Bare redirection: create the empty marker file.
			>"$statedir/clean_var"
		fi
	done
	rm -rf /var/spool/uucp/.Temp/*
}
# Load the rc.conf settings for this script, then let rc.subr dispatch the
# command given as the first argument (start, stop, reload, ...).
load_rc_config "$name"
run_rc_command "$1"