# Allow making anonymous memory executable, e.g.for runtime-code generation or executable stack. # allow_execmem = false # Allow making a modified private filemapping executable (text relocation). # allow_execmod = false # Allow making the stack executable via mprotect.Also requires allow_execmem. # allow_execstack = false # Allow ftp servers to modify public filesused for public file transfer services. # allow_ftpd_anon_write = false # Allow gssd to read temp directory. # allow_gssd_read_tmp = false # Allow sysadm to ptrace all processes # allow_ptrace = false # Allow reading of default_t files. # read_default_t = false # Allow system cron jobs to relabel filesystemfor restoring file contexts. # cron_can_relabel = false # Allow staff_r users to search the sysadm homedir and read files (such as ~/.bashrc) # staff_read_sysadm_file = false # Allow users to read system messages. # user_dmesg = false # Allow sysadm to ptrace all processes # allow_ptrace = false ## Control users use of ping and traceroute user_ping = true # Allow unlabeled packets to flow # allow_unlabeled_packets = true