Index: stable/10/etc/rc.d/ugidfw
===================================================================
--- stable/10/etc/rc.d/ugidfw (revision 289248)
+++ stable/10/etc/rc.d/ugidfw (revision 289249)
@@ -1,42 +1,51 @@
 #!/bin/sh
 #
 # $FreeBSD$
 # PROVIDE: ugidfw
+# REQUIRE: FILESYSTEMS
 # BEFORE: LOGIN
 # KEYWORD: nojail shutdown
 . /etc/rc.subr
 name="ugidfw"
 rcvar="ugidfw_enable"
 start_cmd="ugidfw_start"
 stop_cmd="ugidfw_stop"
 required_modules="mac_bsdextended"
 ugidfw_load()
 {
 if [ -r "${bsdextended_script}" ]; then
 . "${bsdextended_script}"
 fi
 }
 ugidfw_start()
 {
 [ -z "${bsdextended_script}" ] && bsdextended_script=/etc/rc.bsdextended
 if [ -r "${bsdextended_script}" ]; then
 ugidfw_load
 echo "MAC bsdextended rules loaded."
 fi
 }
 ugidfw_stop()
 {
+ local rulecount
+
 # Disable the policy
 #
- kldunload mac_bsdextended
+ # Check for the existence of rules and flush them if needed.
+ rulecount=$(sysctl -in security.mac.bsdextended.rule_count)
+ if [ ${rulecount:-0} -gt 0 ]; then
+ ugidfw list | sed -n '2,$p' | cut -d ' ' -f 1 | sort -r -n |
+ xargs -n 1 ugidfw remove
+ echo "MAC bsdextended rules flushed."
+ fi
 }
 load_rc_config $name
 run_rc_command "$1"
Index: stable/10
===================================================================
--- stable/10 (revision 289248)
+++ stable/10 (revision 289249)
Property changes on: stable/10
___________________________________________________________________
Modified: svn:mergeinfo
## -0,0 +0,1 ##
 Merged /head:r288390
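Review bot: In ugidfw_stop the result of the flush pipeline is never checked, so `echo "MAC bsdextended rules flushed."` is printed even when an `ugidfw remove` call fails and rules remain active in the kernel. Because this commit drops `kldunload mac_bsdextended`, the flush is now the only step that clears the policy on stop, and a later start would presumably load the rule script on top of whatever was left behind. Re-read the counter after the pipeline and report on that instead: `rulecount=$(sysctl -in security.mac.bsdextended.rule_count)` followed by `if [ "${rulecount:-0}" -gt 0 ]; then warn "MAC bsdextended rules still loaded: ${rulecount}"; else echo "MAC bsdextended rules flushed."; fi`. The retained comment `# Disable the policy` no longer matches the code now that the module is left loaded; `# Flush the rules; the module stays loaded.` would describe what the function does.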