Blob Blame Raw
# Allow making anonymous memory executable, e.g.for runtime-code generation or executable stack.
# 
allow_execmem = false

# Allow making a modified private filemapping executable (text relocation).
# 
allow_execmod = false

# Allow making the stack executable via mprotect.Also requires allow_execmem.
# 
allow_execstack = false

# Allow ftp servers to modify public filesused for public file transfer services.
# 
allow_ftpd_anon_write = false

# Allow gssd to read temp directory.
# 
allow_gssd_read_tmp = false

# Allow sysadm to ptrace all processes
# 
allow_ptrace = false

# Allow reading of default_t files.
# 
read_default_t = false

# Allow system cron jobs to relabel filesystemfor restoring file contexts.
# 
cron_can_relabel = false

# Allow staff_r users to search the sysadm homedir and read files (such as ~/.bashrc)
# 
staff_read_sysadm_file = false

# Allow users to read system messages.
# 
user_dmesg = false

# Allow sysadm to ptrace all processes
# 
allow_ptrace = false

## Control users use of ping and traceroute
user_ping = true

# Allow unlabeled packets to flow
# 
allow_unlabeled_packets = true