Remove MAC kernel config files and add "options MAC" to GENERIC, with…

… the

goal of shipping 8.0 with MAC support in the default kernel.  No policies
will be compiled in or enabled by default, but it will now be possible to
load them at boot or runtime without a kernel recompile.

While the framework is not believed to impose measurable overhead when no
policies are loaded (a result of optimization over the past few months in
HEAD), we'll continue to benchmark and optimize as the release approaches.
Please keep an eye out for performance or functionality regressions that
could be a result of this change.

Approved by:	re (kensmith)
Obtained from:	TrustedBSD Project

sys/amd64/conf/GENERIC

@@ -70,6 +70,7 @@ options 	KBD_INSTALL_CDEV	# install a CDEV entry in /dev
 options 	STOP_NMI		# Stop CPUS using NMI instead of IPI
 options 	HWPMC_HOOKS		# Necessary kernel hooks for hwpmc(4)
 options 	AUDIT			# Security event auditing
+options 	MAC			# TrustedBSD MAC Framework
 #options 	KDTRACE_FRAME		# Ensure frames are compiled in
 #options 	KDTRACE_HOOKS		# Kernel DTrace hooks
 

sys/i386/conf/GENERIC

@@ -71,6 +71,7 @@ options 	KBD_INSTALL_CDEV	# install a CDEV entry in /dev
 options 	STOP_NMI		# Stop CPUS using NMI instead of IPI
 options 	HWPMC_HOOKS		# Necessary kernel hooks for hwpmc(4)
 options 	AUDIT			# Security event auditing
+options 	MAC			# TrustedBSD MAC Framework
 #options 	KDTRACE_HOOKS		# Kernel DTrace hooks
 
 # Debugging for use in -current

sys/ia64/conf/GENERIC

@@ -40,6 +40,7 @@ options 	INVARIANTS	# Enable calls of extra sanity checking
 options 	INVARIANT_SUPPORT # required by INVARIANTS
 options 	KDB		# Enable kernel debugger support
 options 	KTRACE		# ktrace(1) syscall trace support
+options 	MAC			# TrustedBSD MAC Framework
 options 	MD_ROOT		# MD usable as root device
 options 	MSDOSFS		# MSDOS Filesystem
 options 	NFSCLIENT	# Network Filesystem Client

sys/pc98/conf/GENERIC

@@ -73,6 +73,7 @@ options 	_KPOSIX_PRIORITY_SCHEDULING # POSIX P1003_1B real-time extensions
 options 	KBD_INSTALL_CDEV	# install a CDEV entry in /dev
 options 	HWPMC_HOOKS		# Necessary kernel hooks for hwpmc(4)
 options 	AUDIT			# Security event auditing
+options 	MAC			# TrustedBSD MAC Framework
 
 # Debugging for use in -current
 options 	KDB			# Enable kernel debugger support.

sys/powerpc/conf/GENERIC

@@ -64,6 +64,7 @@ options 	SYSVSEM			#SYSV-style semaphores
 options 	_KPOSIX_PRIORITY_SCHEDULING #Posix P1003_1B real-time extensions
 options 	HWPMC_HOOKS		# Necessary kernel hooks for hwpmc(4)
 options 	AUDIT			# Security event auditing
+options 	MAC			# TrustedBSD MAC Framework
 
 # Debugging for use in -current
 options 	KDB			#Enable the kernel debugger

sys/sparc64/conf/GENERIC

@@ -65,6 +65,7 @@ options 	SYSVSEM			# SYSV-style semaphores
 options 	_KPOSIX_PRIORITY_SCHEDULING # POSIX P1003_1B real-time extensions
 options 	HWPMC_HOOKS		# Necessary kernel hooks for hwpmc(4)
 options 	AUDIT			# Security event auditing
+options 	MAC			# TrustedBSD MAC Framework
 
 # Debugging for use in -current
 options 	KDB			# Enable kernel debugger support.

sys/sun4v/conf/GENERIC

@@ -66,6 +66,7 @@ options 	AHC_REG_PRETTY_PRINT	# Print register bitfields in debug
 options 	PRINTF_BUFR_SIZE=128	# Prevent printf output being interspersed.
 options 	HWPMC_HOOKS		# Necessary kernel hooks for hwpmc(4)
 options 	AUDIT			# Security event auditing
+options 	MAC			# TrustedBSD MAC Framework
 
 # Debugging for use in -current
 options 	KDB			# Enable kernel debugger support.