HardenedBSD/etc/rc.d/cleanvar
Ed Schouten c21ae3a403 Move utmpx handling out of init(8).
This has the following advantages:

- During boot, the BOOT_TIME record is now written right after the file
  systems become writable, but before users are allowed to log in. This
  means that they can't cause `hidden logins' by logging in right before
  init(8) kicks in.

- The pututxline(3) function may potentially block on file locking,
  though this is very rare to occur. By placing it in an rc script, the
  user can still kill it with ^C if needed.

- Most importantly: jails don't use init(8). This means that a force
  reboot of a system running jails will leave stale entries in the
  accounting database of the jails individually.
2012-02-11 20:47:16 +00:00

72 lines
1.2 KiB
Bash
Executable File

#!/bin/sh
#
# $FreeBSD$
#
# PROVIDE: cleanvar
# REQUIRE: FILESYSTEMS var
. /etc/rc.subr
name="cleanvar"
rcvar="cleanvar_enable"
start_precmd="${name}_prestart"
start_cmd="${name}_start"
stop_cmd=":"
extra_commands="reload"
reload_cmd="${name}_start"
purgedir()
{
local dir file
if [ $# -eq 0 ]; then
purgedir .
else
for dir
do
(
cd "$dir" && for file in .* *
do
# Skip over logging sockets
[ -S "$file" -a "$file" = "log" ] && continue
[ -S "$file" -a "$file" = "logpriv" ] && continue
[ ."$file" = .. -o ."$file" = ... ] && continue
if [ -d "$file" -a ! -L "$file" ]
then
purgedir "$file"
else
rm -f -- "$file"
fi
done
)
done
fi
}
cleanvar_prestart()
{
# These files must be removed only the first time this script is run
# on boot.
#
rm -f /var/run/clean_var /var/spool/lock/clean_var
}
cleanvar_start ()
{
if [ -d /var/run -a ! -f /var/run/clean_var ]; then
purgedir /var/run
>/var/run/clean_var
fi
if [ -d /var/spool/lock -a ! -f /var/spool/lock/clean_var ]; then
purgedir /var/spool/lock
>/var/spool/lock/clean_var
fi
rm -rf /var/spool/uucp/.Temp/*
}
load_rc_config $name
run_rc_command "$1"