Feature request: secadm_enable="YES" to always load kernel module #42
Description
I need secadm in one of my jails. My problem: I thought I did everything necessary, but secadm was not enabled after reboot. This is not a bug, but it is not what I expected:
- I installed secadm and secadm-kmod on the host and secadm in the jail.
- I set
secadm_enable="YES"in both, the host's and the jail's/etc/rc.conf. - I added the needed rules under
/usr/local/etc/secadm.rulesin the jail - I rebooted
But the rules were not enforced. The problem seems to be that because there is not /usr/local/etc/secadm.rules file on the host, secadm_enable="YES" does not even load the kernel module, which would be needed for secadm in the jail.
My suggestion: Either let secadm_enable="YES" load the kernel module even if no rules file exist. OR provide an empty set of rules with the secadm packages if none exists already.
I now added secadm_load="YES" to /boot/loader.conf to ensure that the kernel module is always loaded.