# Allow making anonymous memory executable, e.g. for runtime code generation or an executable stack.
# 
# NOTE(review): allow_execstack further down in this file is documented as
# "Also requires allow_execmem", so the two settings should be reviewed together
# before either is changed.
allow_execmem = false
# Allow making a modified private filemapping executable (text relocation).
# 
allow_execmod = false
# Allow making the stack executable via mprotect. Also requires allow_execmem.
# 
allow_execstack = false
# Allow ftp servers to modify public files used for public file transfer services.
# 
allow_ftpd_anon_write = false
# Allow gssd to read temp directory.
# 
allow_gssd_read_tmp = false
# Allow sysadm to ptrace all processes
# 
allow_ptrace = false
# Allow reading of default_t files.
# 
read_default_t = false
# Allow system cron jobs to relabel the filesystem for restoring file contexts.
# 
cron_can_relabel = false
# Allow staff_r users to search the sysadm homedir and read files (such as ~/.bashrc)
# 
staff_read_sysadm_file = false
# Allow users to read system messages.
# 
user_dmesg = false
# Allow sysadm to ptrace all processes
# 
# NOTE(review): allow_ptrace is already defined earlier in this file with the
# same value. Which entry wins depends on the tool that reads the file, so a
# later edit to only one of them could silently leave ptrace access in an
# unintended state; keep a single entry.
allow_ptrace = false
## Control users' use of ping and traceroute
# NOTE(review): enabled, unlike most booleans in this part of the file.
# Presumably this lets ordinary users run ping and traceroute; confirm that is
# wanted on hosts where user network probing should be restricted.
user_ping = true
# Allow unlabeled packets to flow
# 
# NOTE(review): enabled, unlike most booleans in this part of the file.
# If the deployment relies on packet labeling (e.g. SECMARK or labeled IPsec)
# to restrict network traffic, leaving this true presumably lets packets that
# carry no label pass anyway; confirm this is intended.
allow_unlabeled_packets = true