Subject: CVS commit: src
To: None <source-changes@NetBSD.org>
From: Elad Efrat <elad@netbsd.org>
List: source-changes
Date: 05/19/2005 20:16:19
Module Name:	src
Committed By:	elad
Date:		Thu May 19 20:16:19 UTC 2005

Modified Files:
	src/lib/libc/gen: sysctl.3
	src/sbin/sysctl: sysctl.8
	src/sys/compat/netbsd32: netbsd32_execve.c
	src/sys/dev: verified_exec.c
	src/sys/kern: exec_script.c init_sysctl.c kern_verifiedexec.c
	src/sys/sys: sysctl.h verified_exec.h

Log Message:
Some changes in veriexec.

New features:

  - Add a veriexec_report() routine to make most reporting consistent and
    remove some common code.
  - Add 'strict' mode that controls how veriexec behaves.
  - Add sysctl knobs:
     o kern.veriexec.verbose controls verbosity levels. Values: 0, 1.
     o kern.veriexec.strict controls strict level. Values: 0, 1, 2. See
       documentation in sysctl(3) for details.
     o kern.veriexec.algorithms returns a string with a space-separated
       list of supported hashing algorithms in veriexec.
  - Updated documentation in man pages for sysctl(3) and sysctl(8).

Bug fixes:

  - veriexec_removechk(): Code cleanup + handle FINGERPRINT_NOTEVAL
    correctly.
  - exec_script(): Don't pass 0 as flag when executing a script; use the
    defined VERIEXEC_INDIRECT - which is 1. Makes indirect execution
    enforcement work.
  - Fix some printing formats and types.


To generate a diff of this commit:
cvs rdiff -r1.146 -r1.147 src/lib/libc/gen/sysctl.3
cvs rdiff -r1.118 -r1.119 src/sbin/sysctl/sysctl.8
cvs rdiff -r1.20 -r1.21 src/sys/compat/netbsd32/netbsd32_execve.c
cvs rdiff -r1.7 -r1.8 src/sys/dev/verified_exec.c
cvs rdiff -r1.38 -r1.39 src/sys/kern/exec_script.c
cvs rdiff -r1.37 -r1.38 src/sys/kern/init_sysctl.c
cvs rdiff -r1.14 -r1.15 src/sys/kern/kern_verifiedexec.c
cvs rdiff -r1.133 -r1.134 src/sys/sys/sysctl.h
cvs rdiff -r1.7 -r1.8 src/sys/sys/verified_exec.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.