Subject: CVS commit: [netbsd-3] src/sys
To: None <source-changes@NetBSD.org>
From: Matthias Scheler <tron@netbsd.org>
List: source-changes
Date: 06/10/2005 15:10:10
Module Name:	src
Committed By:	tron
Date:		Fri Jun 10 15:10:10 UTC 2005

Modified Files:
	src/sys/dev [netbsd-3]: verified_exec.c
	src/sys/sys [netbsd-3]: verified_exec.h

Log Message:
Pull up revision 1.8 (requested by elad in ticket #389):
Some changes in veriexec.
New features:
- Add a veriexec_report() routine to make most reporting consistent and
remove some common code.
- Add 'strict' mode that controls how veriexec behaves.
- Add sysctl knobs:
o kern.veriexec.verbose controls verbosity levels. Value: 0, 1.
o kern.veriexec.strict controls strict level. Values: 0, 1, 2. See
documentation in sysctl(3) for details.
o kern.veriexec.algorithms returns a string with a space separated
list of supported hashing algorithms in veriexec.
- Updated documentation in man pages for sysctl(3) and sysctl(8).
Bug fixes:
- veriexec_removechk(): Code cleanup + handle FINGERPRINT_NOTEVAL
correctly.
- exec_script(): Don't pass 0 as flag when executing a script; use the
defined VERIEXEC_INDIRECT - which is 1. Makes indirect execution
enforcement work.
- Fix some printing formats and types..


To generate a diff of this commit:
cvs rdiff -r1.5.2.1 -r1.5.2.2 src/sys/dev/verified_exec.c
cvs rdiff -r1.6 -r1.6.2.1 src/sys/sys/verified_exec.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.