#!/sbin/runscript
# Copyright 1999-2004 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/sys-apps/gradm/files/grsecurity.rc,v 1.9 2004/07/15 00:42:30 agriffis Exp $

# Note: chpax support has been removed from this init script.
# Configure /etc/conf.d/chpax and add chpax to your default runlevel instead


PROCDIR=/proc/sys/kernel/grsecurity

depend() {
	need bootmisc localmount
	after chpax
}

checkconfig() {
	if [ ! -d ${PROCDIR} ] ; then
		eerror "You must have GR security turned on in your kernel."
		return 1
	fi
}

start() {
	checkconfig || return 1

	ebegin "Starting grsecurity"

	for x in ${ENABLED}; do
		# [ -f ${PROCDIR}/${x} ] && continue
		# einfo "\tEnabling kernel.grsecurity.${x}"
		case "${x}" in
		audit_group)
			echo ${audit_gid} > ${PROCDIR}/audit_gid
			echo 1 > ${PROCDIR}/${x}
			;;
		tpe)
			echo ${tpe_gid} > ${PROCDIR}/tpe_gid
			echo 1 > ${PROCDIR}/${x}
			;;
		allow_ptrace_group)
			echo ${ptrace_gid} > ${PROCDIR}/ptrace_gid
			echo 1 > ${PROCDIR}/${x}
			;;
		fork_bomb_prot)
			echo ${fork_bomb_gid} >${PROCDIR}/fork_bomb_gid
			echo ${fork_bomb_sec} >${PROCDIR}/fork_bomb_sec
			echo ${fork_bomb_max} >${PROCDIR}/fork_bomb_max
			echo 1 > ${PROCDIR}/${x}
			;;
		socket_all)
			echo ${socket_all_gid} >${PROCDIR}/socket_all_gid
			echo 1 > ${PROCDIR}/${x}
			;;
		socket_client)
			echo ${socket_client_gid} >${PROCDIR}/socket_client_gid
			echo 1 > ${PROCDIR}/${x}
			;;
		socket_server)
			echo ${socket_server_gid} >${PROCDIR}/socket_server_gid
			echo 1 > ${PROCDIR}/${x}
			;;
		*)
			[ -f ${PROCDIR}/${x} ] && echo 1 >${PROCDIR}/${x}
			;;
		esac
	done

	[ -f ${PROCDIR}/grsec_lock ] && echo ${LOCK} >${PROCDIR}/grsec_lock

	eend ${?}
}

#stop() {
#	ebegin "Stopping grsecurity"
#	eend ${?}
#}