diff --git a/refpolicy/policy/global_tunables b/refpolicy/policy/global_tunables
index 3571a4a..a8173b4 100644
--- a/refpolicy/policy/global_tunables
+++ b/refpolicy/policy/global_tunables
@@ -1,118 +1,82 @@
-##
-## Allow execution of anonymous mappings, e.g. executable stack.
-##
+#
+# This file is for the declaration of global booleans and tunables.
+# To change the default value at build time, the tunables.conf
+# file should be used.
+#
+
+## Allow execution of anonymous mappings, e.g. executable stack.
gen_tunable(allow_execmem,false)
-##
-## Support Share libraries with text relocations
-##
+## Support Share libraries with text relocations
gen_tunable(allow_execmod,false)
-##
-## Allow gpg executable stack
-##
+## Allow gpg executable stack
gen_tunable(allow_gpg_execstack,false)
-##
-## Allow system to run with kerberos
-##
+## Allow system to run with kerberos
gen_tunable(allow_kerberos,false)
-##
-## Allow system to run with NIS
-##
+## Allow system to run with NIS
gen_tunable(allow_ypbind,false)
-##
-## Allow system cron jobs to relabel filesystem
-## for restoring file contexts.
-##
+## Allow system cron jobs to relabel filesystem
+## for restoring file contexts.
gen_tunable(cron_can_relabel,false)
-##
-## Enable extra rules in the cron domain
-## to support fcron.
-##
+## Enable extra rules in the cron domain
+## to support fcron.
gen_tunable(fcron_crond,false)
-##
-## Allow reading of default_t files.
-##
+## Allow reading of default_t files.
gen_tunable(read_default_t,false)
## Allow ssh to run from inetd instead of as a daemon.
gen_tunable(run_ssh_inetd,false)
-##
-## Enabling secure mode disallows programs, such as
-## newrole, from transitioning to administrative
-## user domains.
-##
+## Enabling secure mode disallows programs, such as
+## newrole, from transitioning to administrative
+## user domains.
gen_bool(secure_mode,false)
## Allow ssh logins as sysadm_r:sysadm_t
gen_tunable(ssh_sysadm_login,false)
-##
-## Allow staff_r users to search the sysadm home
-## dir and read files (such as ~/.bashrc)
-##
+## Allow staff_r users to search the sysadm home
+## dir and read files (such as ~/.bashrc)
gen_tunable(staff_read_sysadm_file,false)
-##
-## Allow the use of DNS for name resolution.
-##
+## Allow the use of DNS for name resolution.
gen_tunable(use_dns,false)
-##
-## Support NFS home directories
-##
+## Support NFS home directories
gen_tunable(use_nfs_home_dirs,false)
-##
-## Support SAMBA home directories
-##
+## Support SAMBA home directories
gen_tunable(use_samba_home_dirs,false)
-##
-## Allow regular users direct mouse access
-##
+## Allow regular users direct mouse access
gen_tunable(user_direct_mouse,false)
-##
-## Allow users to read system messages.
-##
+## Allow users to read system messages.
gen_tunable(user_dmesg,false)
-##
-## Allow users to control network interfaces
-## (also needs USERCTL=true)
-##
+## Allow users to control network interfaces
+## (also needs USERCTL=true)
gen_tunable(user_net_control,false)
-##
-## Control users use of ping and traceroute
-##
+## Control users use of ping and traceroute
gen_tunable(user_ping,false)
-##
-## Allow user to r/w noextattrfile (FAT, CDROM, FLOPPY)
-##
+## Allow user to r/w noextattrfile (FAT, CDROM, FLOPPY)
gen_tunable(user_rw_noexattrfile,false)
-##
-## Allow users to rw usb devices
-##
+## Allow users to rw usb devices
gen_tunable(user_rw_usb,false)
-##
-## Allow users to run TCP servers (bind to ports and accept connection from
-## the same domain and outside users) disabling this forces FTP passive mode
-## and may change other protocols.
-##
+## Allow users to run TCP servers (bind to ports and accept connection from
+## the same domain and outside users) disabling this forces FTP passive mode
+## and may change other protocols.
gen_tunable(user_tcp_server,false)
-##
-## Allow w to display everyone
-##
+## Allow w to display everyone
gen_tunable(user_ttyfile_stat,false)