diff options
| author | Stephen J. Kiernan <stevek@FreeBSD.org> | 2023-04-16 23:36:07 +0000 |
|---|---|---|
| committer | Stephen J. Kiernan <stevek@FreeBSD.org> | 2023-04-17 00:24:54 +0000 |
| commit | 894bcc876da9390a02789dba31ab5ec5ec90bc33 (patch) | |
| tree | ff7e96439cc262bc564ca7f9a7e0df34737fb7b9 | |
| parent | 2e6a433811fb09e644d8105d4654bcce27f84905 (diff) | |
| download | src-894bcc876da9390a02789dba31ab5ec5ec90bc33.tar.gz src-894bcc876da9390a02789dba31ab5ec5ec90bc33.zip | |
sys/modules/Makefile: conditionally add MAC/veriexec modules
Only build MAC/veriexec modules when MK_VERIEXEC is yes or we
are building all modules.
Add VERIEXEC knob to kernel __DEFAULT_NO_OPTIONS
Reviewed by: sjg
Obtained from: Juniper Networks, Inc.
| -rw-r--r-- | sys/conf/kern.opts.mk | 3 | ||||
| -rw-r--r-- | sys/modules/Makefile | 2 |
2 files changed, 4 insertions, 1 deletions
diff --git a/sys/conf/kern.opts.mk b/sys/conf/kern.opts.mk index 35ce97fae633..53992a31d07c 100644 --- a/sys/conf/kern.opts.mk +++ b/sys/conf/kern.opts.mk @@ -62,7 +62,8 @@ __DEFAULT_NO_OPTIONS = \ INIT_ALL_ZERO \ KERNEL_RETPOLINE \ RATELIMIT \ - REPRODUCIBLE_BUILD + REPRODUCIBLE_BUILD \ + VERIEXEC # Some options are totally broken on some architectures. We disable # them. If you need to enable them on an experimental basis, you diff --git a/sys/modules/Makefile b/sys/modules/Makefile index 71e0be4cce2c..df47f5bf4652 100644 --- a/sys/modules/Makefile +++ b/sys/modules/Makefile @@ -588,12 +588,14 @@ _mac_priority= mac_priority _mac_seeotheruids= mac_seeotheruids _mac_stub= mac_stub _mac_test= mac_test +.if ${MK_VERIEXEC} != "no" || defined(ALL_MODULES) _mac_veriexec= mac_veriexec _mac_veriexec_sha1= mac_veriexec_sha1 _mac_veriexec_sha256= mac_veriexec_sha256 _mac_veriexec_sha384= mac_veriexec_sha384 _mac_veriexec_sha512= mac_veriexec_sha512 .endif +.endif .if ${MK_NETGRAPH} != "no" || defined(ALL_MODULES) _netgraph= netgraph |