From: Chris Wright <chrisw@osdl.org>

Add configure option for setting default SELinux bootparam value.  Ack'd by
James Morris.

Signed-off-by: Chris Wright <chrisw@osdl.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
---

 25-akpm/security/selinux/Kconfig |   15 +++++++++++++++
 25-akpm/security/selinux/hooks.c |    2 +-
 2 files changed, 16 insertions(+), 1 deletion(-)

diff -puN security/selinux/hooks.c~configurable-selinux-bootparam-value security/selinux/hooks.c
--- 25/security/selinux/hooks.c~configurable-selinux-bootparam-value	2004-08-15 17:32:07.766901768 -0700
+++ 25-akpm/security/selinux/hooks.c	2004-08-15 17:32:07.774900552 -0700
@@ -87,7 +87,7 @@ __setup("enforcing=", enforcing_setup);
 #endif
 
 #ifdef CONFIG_SECURITY_SELINUX_BOOTPARAM
-int selinux_enabled = 1;
+int selinux_enabled = CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE;
 
 static int __init selinux_enabled_setup(char *str)
 {
diff -puN security/selinux/Kconfig~configurable-selinux-bootparam-value security/selinux/Kconfig
--- 25/security/selinux/Kconfig~configurable-selinux-bootparam-value	2004-08-15 17:32:07.767901616 -0700
+++ 25-akpm/security/selinux/Kconfig	2004-08-15 17:32:07.771901008 -0700
@@ -24,6 +24,21 @@ config SECURITY_SELINUX_BOOTPARAM
 
 	  If you are unsure how to answer this question, answer N.
 
+config SECURITY_SELINUX_BOOTPARAM_VALUE
+	int "NSA SELinux boot parameter default value"
+	depends on SECURITY_SELINUX_BOOTPARAM
+	range 0 1
+	default 1
+	help
+	  This option sets the default value for the kernel parameter
+	  'selinux', which allows SELinux to be disabled at boot.  If this
+	  option is set to 0 (zero), the SELinux kernel parameter will
+	  default to 0, disabling SELinux at bootup.  If this option is
+	  set to 1 (one), the SELinux kernel paramater will default to 1,
+	  enabling SELinux at bootup.
+
+	  If you are unsure how to answer this question, answer 1.
+
 config SECURITY_SELINUX_DISABLE
 	bool "NSA SELinux runtime disable"
 	depends on SECURITY_SELINUX
_