# Allow making anonymous memory executable, e.g. for runtime code generation or an executable stack.
# 
# Kept off: memory that is both writable and executable is a common code-injection
# primitive. Enable only for software that genuinely needs runtime code generation.
allow_execmem = false
# Allow making a modified private file mapping executable (text relocation).
# 
# Kept off: a denial caused by this setting usually points to a library built
# without position-independent code; prefer fixing or relabeling that library
# over enabling the boolean for everything.
allow_execmod = false
# Allow making the stack executable via mprotect. Also requires allow_execmem.
# 
# Kept off: an executable stack is rarely needed by legitimate programs and
# removes a basic exploit mitigation. Review allow_execmem together with this
# boolean, since the two are documented as dependent.
allow_execstack = false
# Allow ftp servers to modify public files used for public file transfer services.
# 
# Kept off: FTP servers cannot modify public content. If this is ever enabled,
# limit the writable area to directories explicitly labeled for public
# read/write content and monitor what is uploaded there.
allow_ftpd_anon_write = false
# Allow gssd to read temp directory.
# 
# Kept off. NOTE(review): gssd may need this where Kerberos credential caches
# live in the temp directory (e.g. Kerberized NFS) - confirm the host does not
# depend on that before relying on this default.
allow_gssd_read_tmp = false
# Allow sysadm to ptrace all processes
# 
# Kept off: ptrace gives the tracer read/write access to the target process,
# so this stops sysadm from inspecting or altering every other process.
# NOTE(review): allow_ptrace is assigned a second time further down this file
# with the same value; keep a single entry.
allow_ptrace = false
# Allow reading of default_t files.
# 
# Kept off: default_t is the fallback label for files that match no
# file-context rule, so reads of unlabeled or mislabeled files stay denied
# (and visible in the audit log) instead of being silently allowed.
read_default_t = false
# Allow system cron jobs to relabel the filesystem for restoring file contexts.
# 
# Kept off: relabeling changes the security context that every access decision
# rests on, so scheduled jobs are not given that ability by default.
cron_can_relabel = false
# Allow staff_r users to search the sysadm homedir and read files (such as ~/.bashrc)
# 
# Kept off: keeps the staff_r / sysadm separation intact; the sysadm home
# directory may hold administrative dotfiles, history or credentials.
staff_read_sysadm_file = false
# Allow users to read system messages.
# 
# Kept off: kernel messages can reveal addresses and driver/hardware details,
# so ordinary users are not allowed to read them.
user_dmesg = false
# Allow sysadm to ptrace all processes
# 
# NOTE(review): duplicate of the allow_ptrace entry earlier in this file. Both
# are false today, but which assignment wins depends on the tool that reads the
# file, so a later edit to only one of them could be silently ignored.
# Consolidate into a single entry.
allow_ptrace = false
## Control users' use of ping and traceroute
# Enabled: users may run ping and traceroute. Set to false on hosts where
# ordinary users have no need for network diagnostics.
user_ping = true
# Allow unlabeled packets to flow
# 
# Enabled: traffic that carries no security label is allowed to flow.
# NOTE(review): presumably required where no packet labeling is configured;
# on hosts that do label network traffic, turning this off enforces that only
# labeled packets are accepted - confirm before changing.
allow_unlabeled_packets = true