#!/bin/sh
#
# netlabel Start CIPSO labeled networking
#
# chkconfig: - 09 91
# description: Starts and stops CIPSO labeled networking
#
# config: /etc/netlabel.rules
#
# Return values according to LSB for all commands but status:
# 0 - success
# 1 - generic or unspecified error
# 2 - invalid or excess argument(s)
# 3 - unimplemented feature (e.g. "reload")
# 4 - insufficient privilege
# 5 - program is not installed
# 6 - program is not configured
# 7 - program is not running
PATH=/sbin:/bin:/usr/bin:/usr/sbin
VAR_SUBSYS_NETLABEL=/var/lock/subsys/netlabel
RULES=/etc/netlabel.rules
# Source function library.
. /etc/init.d/functions
# Check that we are root ... so non-root users stop here
test `id -u` = 0 || exit 4
test -x /sbin/netlabelctl || exit 5
test -f $RULES || exit 6
start() {
ret_val="0"
# Loop through rules
while read LINE
do
# Skip comments and blank lines
if echo $LINE | egrep '^#|^$' >/dev/null ; then
continue
fi
/sbin/netlabelctl $LINE >/dev/null 2>&1
ret="$?"
if [ "$ret" != "0" ] ; then
ret_val="$ret"
fi
done < $RULES
touch $VAR_SUBSYS_NETLABEL
return $ret_val
}
stop() {
rm -f $VAR_SUBSYS_NETLABEL
# Delete rules
list=`/sbin/netlabelctl cipsov4 list 2>/dev/null`
ret="$?"
if [ x"$list" != "x" ] ; then
for line in "$list"
do
/sbin/netlabelctl cipsov4 del "doi:$line" 2>/dev/null
ret="$?"
done
fi
return $ret
}
status() {
# Do not print status if lockfile is missing
if [ ! -f "$VAR_SUBSYS_NETLABEL" ]; then
echo $"Netlabel is stopped."
return 3
fi
# List rules
/sbin/netlabelctl -p cipsov4 list 2>/dev/null
ret1="$?"
/sbin/netlabelctl -p mgmt protocols 2>/dev/null
ret2="$?"
if [ "$ret1" != "0" -o "$ret2" != "0" ] ; then
return 2
fi
return 0
}
restart() {
stop
start
}
case "$1" in
start)
stop
start
RETVAL="$?"
;;
stop)
stop
RETVAL="$?"
;;
restart)
restart
RETVAL="$?"
;;
condrestart)
[ -e "$VAR_SUBSYS_NETLABEL" ] && restart
;;
status)
status
RETVAL="$?"
;;
*)
echo $"Usage: $0 {start|stop|restart|condrestart|status}"
exit 3
;;
esac
exit $RETVAL