## Allow unconfined executables to make their heap memory executable. Doing this is a really bad idea. Probably indicates a badly coded executable, but could indicate an attack. This executable should be reported in bugzilla ##
#### Allow unconfined executables to map a memory region as both executable and writable, this is dangerous and the executable should be reported in bugzilla") ##
#### Allow all unconfined executables to use libraries requiring text relocation that are not labeled textrel_shlib_t") ##
#### Allow unconfined executables to make their stack executable. This should never, ever be necessary. Probably indicates a badly coded executable, but could indicate an attack. This executable should be reported in bugzilla") ##
#### Enable polyinstantiated directory support. ##
#### Allow system to run with NIS ##
#### Enable reading of urandom for all domains. ##
#### This should be enabled when all programs ## are compiled with ProPolice/SSP ## stack smashing protection. All domains will ## be allowed to read from /dev/urandom. ##
#### Allow any files/directories to be exported read/write via NFS. ##
#### Allow any files/directories to be exported read/only via NFS. ##
#### Support NFS home directories ##
#### Support SAMBA home directories ##
#### Allow users to run TCP servers (bind to ports and accept connection from ## the same domain and outside users) disabling this forces FTP passive mode ## and may change other protocols. ##
#### Allow direct login to the console device. Required for System 390 ##
#### Allow certain domains to map low memory in the kernel ##
##