LSM: Create CONFIG_SECURITY and disable it by default for now.

This allows the security hooks to be compiled away into nothingness if CONFIG_SECURITY
is disabled.  When disabled, the default capabilities functionality is preserved.
When enabled, security modules are allowed to be loaded.

include/linux/sched.h

@@ -596,9 +596,9 @@ extern int request_irq(unsigned int,
 		       unsigned long, const char *, void *);
 extern void free_irq(unsigned int, void *);
 
-/* capable prototype and code moved to security.[hc] */
-#include <linux/security.h>
-#if 0
+
+#ifndef CONFIG_SECURITY
+/* capable prototype and code are in security.[hc] if CONFIG_SECURITY */
 static inline int capable(int cap)
 {
 	if (cap_raised(current->cap_effective, cap)) {
@@ -607,7 +607,7 @@ static inline int capable(int cap)
 	}
 	return 0;
 }
-#endif	/* if 0 */
+#endif
 
 /*
  * Routines for handling mm_structs

security/Config.help

+CONFIG_SECURITY
+  This enables the ability to have different security modules
+  in the kernel.  If this option is not selected, the default
+  capabilities functionality will be enabled.
+
+  If you are unsure how to answer this questions, answer N.
+
 CONFIG_SECURITY_CAPABILITIES
   This enables the "default" Linux capabilities functionality.
   If you are unsure how to answer this question, answer Y.

security/Config.in

@@ -3,5 +3,5 @@
 #
 mainmenu_option next_comment
 comment 'Security options'
-define_bool CONFIG_SECURITY_CAPABILITIES y
+define_bool CONFIG_SECURITY n
 endmenu

security/Makefile

@@ -3,11 +3,15 @@
 #
 
 # Objects that export symbols
-export-objs	:= security.o
+export-objs	:= security.o capability.o
 
-# Object file lists
-obj-y		:= security.o dummy.o
+# if we don't select a security model, use the default capabilities
+ifneq ($(CONFIG_SECURITY),y)
+obj-y		+= capability.o
+endif
 
+# Object file lists
+obj-$(CONFIG_SECURITY)			+= security.o dummy.o
 obj-$(CONFIG_SECURITY_CAPABILITIES)	+= capability.o
 
 include $(TOPDIR)/Rules.make