git: 894bcc876da9 - main - sys/modules/Makefile: conditionally add MAC/veriexec modules
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Mon, 17 Apr 2023 00:25:49 UTC
The branch main has been updated by stevek:
URL: https://cgit.FreeBSD.org/src/commit/?id=894bcc876da9390a02789dba31ab5ec5ec90bc33
commit 894bcc876da9390a02789dba31ab5ec5ec90bc33
Author: Stephen J. Kiernan <stevek@FreeBSD.org>
AuthorDate: 2023-04-16 23:36:07 +0000
Commit: Stephen J. Kiernan <stevek@FreeBSD.org>
CommitDate: 2023-04-17 00:24:54 +0000
sys/modules/Makefile: conditionally add MAC/veriexec modules
Only build MAC/veriexec modules when MK_VERIEXEC is yes or we
are building all modules.
Add VERIEXEC knob to kernel __DEFAULT_NO_OPTIONS
Reviewed by: sjg
Obtained from: Juniper Networks, Inc.
---
sys/conf/kern.opts.mk | 3 ++-
sys/modules/Makefile | 2 ++
2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/sys/conf/kern.opts.mk b/sys/conf/kern.opts.mk
index 35ce97fae633..53992a31d07c 100644
--- a/sys/conf/kern.opts.mk
+++ b/sys/conf/kern.opts.mk
@@ -62,7 +62,8 @@ __DEFAULT_NO_OPTIONS = \
INIT_ALL_ZERO \
KERNEL_RETPOLINE \
RATELIMIT \
- REPRODUCIBLE_BUILD
+ REPRODUCIBLE_BUILD \
+ VERIEXEC
# Some options are totally broken on some architectures. We disable
# them. If you need to enable them on an experimental basis, you
diff --git a/sys/modules/Makefile b/sys/modules/Makefile
index 71e0be4cce2c..df47f5bf4652 100644
--- a/sys/modules/Makefile
+++ b/sys/modules/Makefile
@@ -588,12 +588,14 @@ _mac_priority= mac_priority
_mac_seeotheruids= mac_seeotheruids
_mac_stub= mac_stub
_mac_test= mac_test
+.if ${MK_VERIEXEC} != "no" || defined(ALL_MODULES)
_mac_veriexec= mac_veriexec
_mac_veriexec_sha1= mac_veriexec_sha1
_mac_veriexec_sha256= mac_veriexec_sha256
_mac_veriexec_sha384= mac_veriexec_sha384
_mac_veriexec_sha512= mac_veriexec_sha512
.endif
+.endif
.if ${MK_NETGRAPH} != "no" || defined(ALL_MODULES)
_netgraph= netgraph