If manifest signature can be verified, its content
is fed to mac_veriexec.
Options for querying and setting state as well
as testing files for verification status.
Right now this tool supports a couple of mac_veriexec features
which are not yet in FreeBSD.
It also allows for version skew between kernel and
Some of the resulting ifdef's can hopefully be removed before