selinux: Remove SECURITY_SELINUX_BOOTPARAM_VALUE (be6ec88f) · Commits · 戴 / test

security/selinux/Kconfig

+0 −15

Original line number	Original line	Diff line number	Diff line
	@@ -22,21 +22,6 @@ config SECURITY_SELINUX_BOOTPARAM

	If you are unsure how to answer this question, answer N.		If you are unsure how to answer this question, answer N.

	config SECURITY_SELINUX_BOOTPARAM_VALUE
	int "NSA SELinux boot parameter default value"
	depends on SECURITY_SELINUX_BOOTPARAM
	range 0 1
	default 1
	help
	This option sets the default value for the kernel parameter
	'selinux', which allows SELinux to be disabled at boot. If this
	option is set to 0 (zero), the SELinux kernel parameter will
	default to 0, disabling SELinux at bootup. If this option is
	set to 1 (one), the SELinux kernel parameter will default to 1,
	enabling SELinux at bootup.

	If you are unsure how to answer this question, answer 1.

	config SECURITY_SELINUX_DISABLE		config SECURITY_SELINUX_DISABLE
	bool "NSA SELinux runtime disable"		bool "NSA SELinux runtime disable"
	depends on SECURITY_SELINUX		depends on SECURITY_SELINUX

+1 −4

Original line number	Original line	Diff line number	Diff line
	@@ -121,9 +121,8 @@ __setup("enforcing=", enforcing_setup);
	#define selinux_enforcing_boot 1		#define selinux_enforcing_boot 1
	#endif		#endif

			int selinux_enabled __lsm_ro_after_init = 1;
	#ifdef CONFIG_SECURITY_SELINUX_BOOTPARAM		#ifdef CONFIG_SECURITY_SELINUX_BOOTPARAM
	int selinux_enabled = CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE;

	static int __init selinux_enabled_setup(char *str)		static int __init selinux_enabled_setup(char *str)
	{		{
	unsigned long enabled;		unsigned long enabled;
	@@ -132,8 +131,6 @@ static int __init selinux_enabled_setup(char *str)
	return 1;		return 1;
	}		}
	__setup("selinux=", selinux_enabled_setup);		__setup("selinux=", selinux_enabled_setup);
	#else
	int selinux_enabled = 1;
	#endif		#endif

	static unsigned int selinux_checkreqprot_boot =		static unsigned int selinux_checkreqprot_boot =