| VERIEXEC(4) | Kernel Interfaces Manual | VERIEXEC(4) | 
The veriexec pseudo-device is used to load and delete entries to and from the in-kernel Veriexec databases, as well as query information about them. It can also be used to dump the entire database.
The dictionary passed contains the following elements:
| Name | Type | Purpose | 
| file | string | filename for this entry | 
| entry-type | uint8 | entry type (see below) | 
| fp-type | string | fingerprint hashing algorithm | 
| fp | data | the fingerprint | 
“entry-type” can be one or more (binary-OR'd) of the following:
| Type | Effect | 
| VERIEXEC_DIRECT | can execute directly | 
| VERIEXEC_INDIRECT | can execute indirectly (interpreter, mmap(2)) | 
| VERIEXEC_FILE | can be opened | 
| VERIEXEC_UNTRUSTED | located on untrusted storage | 
The dictionary passed contains the following elements:
| Name | Type | Purpose | 
| file | string | filename or mount-point | 
Only files that the filename is kept for them will be dumped. The returned array contains dictionaries with the following elements:
| Name | Type | Purpose | 
| file | string | filename | 
| fp-type | string | fingerprint hashing algorithm | 
| fp | data | the fingerprint | 
| entry-type | uint8 | entry type (see above) | 
This command has no parameters.
The dictionary passed contains the following elements:
| Name | Type | Purpose | 
| file | string | filename | 
The dictionary returned contains the following elements:
| Name | Type | Purpose | 
| entry-type | uint8 | entry type (see above) | 
| status | uint8 | entry status | 
| fp-type | string | fingerprint hashing algorithm | 
| fp | data | the fingerprint | 
“status” can be one of the following:
| Status | Meaning | 
| FINGERPRINT_NOTEVAL | not evaluated | 
| FINGERPRINT_VALID | fingerprint match | 
| FINGERPRINT_MISMATCH | fingerprint mismatch | 
Note that the requests VERIEXEC_LOAD, VERIEXEC_DELETE, and VERIEXEC_FLUSH are not permitted once the strict level has been raised past 0.
| March 19, 2011 | NetBSD 7.0 |