git: d195f39d1dab - main - veriexec: Add option MAC_VERIEXEC_DEBUG
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Mon, 17 Apr 2023 15:47:52 UTC
The branch main has been updated by stevek: URL: https://cgit.FreeBSD.org/src/commit/?id=d195f39d1dab1b1b1781ed194e74200cfb5fbaa9 commit d195f39d1dab1b1b1781ed194e74200cfb5fbaa9 Author: Steve Kiernan <stevek@juniper.net> AuthorDate: 2023-04-02 19:46:53 +0000 Commit: Stephen J. Kiernan <stevek@FreeBSD.org> CommitDate: 2023-04-17 15:47:32 +0000 veriexec: Add option MAC_VERIEXEC_DEBUG Obtained from: Juniper Networks, Inc. --- sys/security/mac_veriexec/mac_veriexec.c | 4 +--- sys/security/mac_veriexec/mac_veriexec_internal.h | 2 +- sys/security/mac_veriexec/veriexec_metadata.c | 5 ++++- 3 files changed, 6 insertions(+), 5 deletions(-) diff --git a/sys/security/mac_veriexec/mac_veriexec.c b/sys/security/mac_veriexec/mac_veriexec.c index d61943479ad6..57f3b6c307fa 100644 --- a/sys/security/mac_veriexec/mac_veriexec.c +++ b/sys/security/mac_veriexec/mac_veriexec.c @@ -67,7 +67,7 @@ #define SLOT_SET(l, v) \ mac_label_set((l), mac_veriexec_slot, (v)) -#ifdef MAC_DEBUG +#ifdef MAC_VERIEXEC_DEBUG #define MAC_VERIEXEC_DBG(_lvl, _fmt, ...) \ do { \ VERIEXEC_DEBUG((_lvl), (MAC_VERIEXEC_FULLNAME ": " _fmt \ @@ -204,10 +204,8 @@ mac_veriexec_vfs_mounted(void *arg __unused, struct mount *mp, return; SLOT_SET(mp->mnt_label, va.va_fsid); -#ifdef MAC_DEBUG MAC_VERIEXEC_DBG(3, "set fsid to %ju for mount %p", (uintmax_t)va.va_fsid, mp); -#endif } /** diff --git a/sys/security/mac_veriexec/mac_veriexec_internal.h b/sys/security/mac_veriexec/mac_veriexec_internal.h index e69f34df892e..f618ac155a83 100644 --- a/sys/security/mac_veriexec/mac_veriexec_internal.h +++ b/sys/security/mac_veriexec/mac_veriexec_internal.h @@ -41,7 +41,7 @@ #define VERIEXEC_FILES_FIRST 1 -#if defined(VERIFIED_EXEC_DEBUG) || defined(VERIFIED_EXEC_DEBUG_VERBOSE) +#ifdef MAC_VERIEXEC_DEBUG # define VERIEXEC_DEBUG(n, x) if (mac_veriexec_debug > (n)) printf x #else # define VERIEXEC_DEBUG(n, x) diff --git a/sys/security/mac_veriexec/veriexec_metadata.c b/sys/security/mac_veriexec/veriexec_metadata.c index 9e99f51e7e65..4b9cc9b3052f 100644 --- a/sys/security/mac_veriexec/veriexec_metadata.c +++ b/sys/security/mac_veriexec/veriexec_metadata.c @@ -41,6 +41,9 @@ #include <sys/mutex.h> #include <sys/proc.h> #include <sys/sbuf.h> +#ifdef MAC_VERIEXEC_DEBUG +#include <sys/syslog.h> +#endif #include <sys/vnode.h> #include "mac_veriexec.h" @@ -548,7 +551,7 @@ mac_veriexec_metadata_fetch_fingerprint_status(struct vnode *vp, break; case EAUTH: -#ifdef VERIFIED_EXEC_DEBUG_VERBOSE +#ifdef MAC_VERIEXEC_DEBUG { char have[MAXFINGERPRINTLEN * 2 + 1]; char want[MAXFINGERPRINTLEN * 2 + 1];