false
Allow unconfined executables to make their heap memory executable. Doing this is a really bad idea. Probably indicates a badly coded executable, but could indicate an attack. This executable should be reported in bugzilla.
false
Allow unconfined executables to map a memory region as both executable and writable. This is dangerous and the executable should be reported in bugzilla.
false
Allow all unconfined executables to use libraries requiring text relocation that are not labeled textrel_shlib_t.
false
Allow unconfined executables to make their stack executable. This should never, ever be necessary. Probably indicates a badly coded executable, but could indicate an attack. This executable should be reported in bugzilla.
false
Enable polyinstantiated directory support.
false
Allow raw memory device (/dev/mem, /dev/kmem, /dev/mergemem, /dev/oldmem, /dev/port) access for confined executables. This is extremely dangerous as it can bypass the SELinux protections, and should only be used by trusted domains.
false
Allow system to run with NIS
true
Allow logging in and using the system from /dev/console.
false
Enable reading of urandom for all domains.
This should be enabled when all programs are compiled with ProPolice/SSP stack smashing protection. All domains will be allowed to read from /dev/urandom.
false
Allow email client to various content: NFS, Samba, removable devices, and user temp files.
false
Allow any files/directories to be exported read-only via NFS.
false
Allow any files/directories to be exported read/write via NFS.
false
Support NFS home directories
false
Support SAMBA home directories
false
Allow users to run TCP servers (bind to ports and accept connections from the same domain and outside users). Disabling this forces FTP passive mode and may change other protocols.
false
Allow users to run UDP servers (bind to ports and accept connections from the same domain and outside users).