# Allow making anonymous memory executable, e.g.for runtime-code generation or executable stack.
#
allow_execmem = false
# Allow making a modified private filemapping executable (text relocation).
#
allow_execmod = false
# Allow making the stack executable via mprotect.Also requires allow_execmem.
#
allow_execstack = false
# Allow ftp servers to modify public filesused for public file transfer services.
#
allow_ftpd_anon_write = false
# Allow gssd to read temp directory.
#
allow_gssd_read_tmp = false
# Allow sysadm to ptrace all processes
#
allow_ptrace = false
# Allow reading of default_t files.
#
read_default_t = false
# Allow system cron jobs to relabel filesystemfor restoring file contexts.
#
cron_can_relabel = false
# Allow staff_r users to search the sysadm homedir and read files (such as ~/.bashrc)
#
staff_read_sysadm_file = false
# Allow users to read system messages.
#
user_dmesg = false
# Allow sysadm to ptrace all processes
#
allow_ptrace = false
## Control users use of ping and traceroute
user_ping = true
# Allow unlabeled packets to flow
#
allow_unlabeled_packets = true