#!/bin/bash

### BEGIN INIT INFO
# Provides:          grsec-init
# Required-Start:    
# Required-Stop:     
# Default-Start:     2 3 4 5
# Default-Stop:
# Short-Description: Init grsecurity
# Description:       Init grsecurity parameters and kernel module loading
#		     at the start of the init process
### END INIT INFO

function grsec_chr_init()
{
		MODE=1
		if [ "$1" == "0" ]; then
			MODE=0
		fi
		CHROPTS=`sysctl -aN 2>/dev/null |grep "kernel.grsecurity.chroot"`
		for CHROPT in $CHROPTS; do
			if [ "$CHROPT" == "kernel.grsecurity.chroot_caps" ]; then
				sysctl -q -w $CHROPT=0
			elif [ "$CHROPT" == "kernel.grsecurity.chroot_deny_bad_rename" ]; then
				sysctl -q -w $CHROPT=0
			else
				sysctl -q -w $CHROPT=$MODE
			fi
		done
}


case $1 in
	start|restart|reload)
		echo "grsec-init: Setting up grsecurity chroot enforcements..."
		grsec_chr_init 1
	;;
	suspend)
		echo "grsec-init: Suspending grsecurity chroot enforcements..."
		grsec_chr_init 0
		echo "grsec-init: DON'T FORGET TO RESTART!"
	;;
	*)
		echo "grsec-init: nothing to do"
	;;
esac