269acb
# Allow making anonymous memory executable, e.g.for runtime-code generation or executable stack.
269acb
# 
269acb
allow_execmem = false
269acb
269acb
# Allow making a modified private filemapping executable (text relocation).
269acb
# 
269acb
allow_execmod = false
269acb
269acb
# Allow making the stack executable via mprotect.Also requires allow_execmem.
269acb
# 
269acb
allow_execstack = false
269acb
269acb
# Allow ftp servers to modify public filesused for public file transfer services.
269acb
# 
269acb
allow_ftpd_anon_write = false
269acb
269acb
# Allow gssd to read temp directory.
269acb
# 
269acb
allow_gssd_read_tmp = false
269acb
269acb
# Allow sysadm to ptrace all processes
269acb
# 
269acb
allow_ptrace = false
269acb
269acb
# Allow reading of default_t files.
269acb
# 
269acb
read_default_t = false
269acb
269acb
# Allow system cron jobs to relabel filesystemfor restoring file contexts.
269acb
# 
269acb
cron_can_relabel = false
269acb
269acb
# Allow staff_r users to search the sysadm homedir and read files (such as ~/.bashrc)
269acb
# 
269acb
staff_read_sysadm_file = false
269acb
269acb
# Allow users to read system messages.
269acb
# 
269acb
user_dmesg = false
269acb
269acb
# Allow sysadm to ptrace all processes
269acb
# 
269acb
allow_ptrace = false
269acb
269acb
## Control users use of ping and traceroute
269acb
user_ping = true
269acb
269acb
# Allow unlabeled packets to flow
269acb
# 
269acb
allow_unlabeled_packets = true
269acb