false
Deny user domain applications the ability to map a memory region as both executable and writable. This is dangerous, and the executable should be reported in Bugzilla.
false
Prevent any process from ptracing or debugging any other process.
false
Enable reading of urandom for all domains.
This should be enabled when all programs are compiled with ProPolice/SSP stack smashing protection. All domains will be allowed to read from /dev/urandom.
true
Allow logging in and using the system from /dev/console.
false
Allow the mount commands to mount any directory or file.
false
Allow any files/directories to be exported read-only via NFS.
false
Allow any files/directories to be exported read/write via NFS.
false
Allow the system to run with NIS.
false
Enable polyinstantiated directory support.
false
Allow unconfined executables to make their heap memory executable. Doing this is a really bad idea. It probably indicates a badly coded executable, but could indicate an attack. This executable should be reported in Bugzilla.
false
Allow all unconfined executables to use libraries requiring text relocation that are not labeled textrel_shlib_t.
false
Allow unconfined executables to make their stack executable. This should never, ever be necessary. It probably indicates a badly coded executable, but could indicate an attack. This executable should be reported in Bugzilla.
false
Allow users to run TCP servers (bind to ports and accept connections from the same domain and outside users). Disabling this forces FTP passive mode and may change other protocols.
false
Allow users to run UDP servers (bind to ports and accept connections from the same domain and outside users). Disabling this may break Avahi discovering services on the network and other UDP-related services.
false
Support ecryptfs home directories
false
Support fusefs home directories
false
Support NFS home directories
false
Support SAMBA home directories