From: Chris Wright Add configure option for setting default SELinux bootparam value. Ack'd by James Morris. Signed-off-by: Chris Wright Signed-off-by: Andrew Morton --- 25-akpm/security/selinux/Kconfig | 15 +++++++++++++++ 25-akpm/security/selinux/hooks.c | 2 +- 2 files changed, 16 insertions(+), 1 deletion(-) diff -puN security/selinux/hooks.c~configurable-selinux-bootparam-value security/selinux/hooks.c --- 25/security/selinux/hooks.c~configurable-selinux-bootparam-value 2004-08-15 17:32:07.766901768 -0700 +++ 25-akpm/security/selinux/hooks.c 2004-08-15 17:32:07.774900552 -0700 @@ -87,7 +87,7 @@ __setup("enforcing=", enforcing_setup); #endif #ifdef CONFIG_SECURITY_SELINUX_BOOTPARAM -int selinux_enabled = 1; +int selinux_enabled = CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE; static int __init selinux_enabled_setup(char *str) { diff -puN security/selinux/Kconfig~configurable-selinux-bootparam-value security/selinux/Kconfig --- 25/security/selinux/Kconfig~configurable-selinux-bootparam-value 2004-08-15 17:32:07.767901616 -0700 +++ 25-akpm/security/selinux/Kconfig 2004-08-15 17:32:07.771901008 -0700 @@ -24,6 +24,21 @@ config SECURITY_SELINUX_BOOTPARAM If you are unsure how to answer this question, answer N. +config SECURITY_SELINUX_BOOTPARAM_VALUE + int "NSA SELinux boot parameter default value" + depends on SECURITY_SELINUX_BOOTPARAM + range 0 1 + default 1 + help + This option sets the default value for the kernel parameter + 'selinux', which allows SELinux to be disabled at boot. If this + option is set to 0 (zero), the SELinux kernel parameter will + default to 0, disabling SELinux at bootup. If this option is + set to 1 (one), the SELinux kernel paramater will default to 1, + enabling SELinux at bootup. + + If you are unsure how to answer this question, answer 1. + config SECURITY_SELINUX_DISABLE bool "NSA SELinux runtime disable" depends on SECURITY_SELINUX _