Comment 3 for bug 1813721

Turning this option off is only significant in 4.12 kernels and newer, where the LSM hooks make use of __ro_after_init if CONFIG_SECURITY_SELINUX_DISABLE is disabled.

Per the discussion on the kernel-team list (https://lists.ubuntu.com/archives/kernel-team/2019-July/102026.html), I've made sure the test won't fail for kernels older than 4.12 regardless of whether CONFIG_SECURITY_SELINUX_DISABLE is set or unset: https://git.launchpad.net/qa-regression-testing/commit/?id=3a1752a5f5743fb330336b4d01f0a6a4200fe31f

Thanks.