aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSteve Kiernan <stevek@juniper.net>2023-04-02 19:46:53 +0000
committerStephen J. Kiernan <stevek@FreeBSD.org>2023-04-17 15:47:32 +0000
commitd195f39d1dab1b1b1781ed194e74200cfb5fbaa9 (patch)
tree8eec8ccbfaf4d636ed087b511d5d88a99a0efaf8
parent8c3e263dc1e1deb5e76b794943337404841410ee (diff)
downloadsrc-d195f39d1dab1b1b1781ed194e74200cfb5fbaa9.tar.gz
src-d195f39d1dab1b1b1781ed194e74200cfb5fbaa9.zip
veriexec: Add option MAC_VERIEXEC_DEBUG
Obtained from: Juniper Networks, Inc.
Diffstat
-rw-r--r--sys/security/mac_veriexec/mac_veriexec.c4
-rw-r--r--sys/security/mac_veriexec/mac_veriexec_internal.h2
-rw-r--r--sys/security/mac_veriexec/veriexec_metadata.c5
3 files changed, 6 insertions, 5 deletions
diff --git a/sys/security/mac_veriexec/mac_veriexec.c b/sys/security/mac_veriexec/mac_veriexec.c
index d61943479ad6..57f3b6c307fa 100644
--- a/sys/security/mac_veriexec/mac_veriexec.c
+++ b/sys/security/mac_veriexec/mac_veriexec.c
@@ -67,7 +67,7 @@
#define SLOT_SET(l, v) \
mac_label_set((l), mac_veriexec_slot, (v))
-#ifdef MAC_DEBUG
+#ifdef MAC_VERIEXEC_DEBUG
#define MAC_VERIEXEC_DBG(_lvl, _fmt, ...) \
do { \
VERIEXEC_DEBUG((_lvl), (MAC_VERIEXEC_FULLNAME ": " _fmt \
@@ -204,10 +204,8 @@ mac_veriexec_vfs_mounted(void *arg __unused, struct mount *mp,
return;
SLOT_SET(mp->mnt_label, va.va_fsid);
-#ifdef MAC_DEBUG
MAC_VERIEXEC_DBG(3, "set fsid to %ju for mount %p",
(uintmax_t)va.va_fsid, mp);
-#endif
}
/**
diff --git a/sys/security/mac_veriexec/mac_veriexec_internal.h b/sys/security/mac_veriexec/mac_veriexec_internal.h
index e69f34df892e..f618ac155a83 100644
--- a/sys/security/mac_veriexec/mac_veriexec_internal.h
+++ b/sys/security/mac_veriexec/mac_veriexec_internal.h
@@ -41,7 +41,7 @@
#define VERIEXEC_FILES_FIRST 1
-#if defined(VERIFIED_EXEC_DEBUG) || defined(VERIFIED_EXEC_DEBUG_VERBOSE)
+#ifdef MAC_VERIEXEC_DEBUG
# define VERIEXEC_DEBUG(n, x) if (mac_veriexec_debug > (n)) printf x
#else
# define VERIEXEC_DEBUG(n, x)
diff --git a/sys/security/mac_veriexec/veriexec_metadata.c b/sys/security/mac_veriexec/veriexec_metadata.c
index 9e99f51e7e65..4b9cc9b3052f 100644
--- a/sys/security/mac_veriexec/veriexec_metadata.c
+++ b/sys/security/mac_veriexec/veriexec_metadata.c
@@ -41,6 +41,9 @@
#include <sys/mutex.h>
#include <sys/proc.h>
#include <sys/sbuf.h>
+#ifdef MAC_VERIEXEC_DEBUG
+#include <sys/syslog.h>
+#endif
#include <sys/vnode.h>
#include "mac_veriexec.h"
@@ -548,7 +551,7 @@ mac_veriexec_metadata_fetch_fingerprint_status(struct vnode *vp,
break;
case EAUTH:
-#ifdef VERIFIED_EXEC_DEBUG_VERBOSE
+#ifdef MAC_VERIEXEC_DEBUG
{
char have[MAXFINGERPRINTLEN * 2 + 1];
char want[MAXFINGERPRINTLEN * 2 + 1];
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-20 17:06:23 +0000