## Allow making the heap executable. ##
#### Allow making anonymous memory executable, e.g. ## for runtime-code generation or executable stack. ##
#### Allow making a modified private file ## mapping executable (text relocation). ##
#### Allow making the stack executable via mprotect. ## Also requires allow_execmem. ##
#### Enable polyinstantiated directory support. ##
#### Allow system to run with NIS ##
#### Enable reading of urandom for all domains. ##
#### This should be enabled when all programs ## are compiled with ProPolice/SSP ## stack smashing protection. All domains will ## be allowed to read from /dev/urandom. ##
#### Allow email client to various content. ## nfs, samba, removable devices, user temp ## and untrusted content files ##
#### Allow nfs to be exported read/write. ##
#### Allow nfs to be exported read only ##
#### Allow reading of default_t files. ##
#### Allow applications to read untrusted content ## If this is disallowed, Internet content has ## to be manually relabeled for read access to be granted ##
#### Support NFS home directories ##
#### Support SAMBA home directories ##
#### Allow users to run TCP servers (bind to ports and accept connection from ## the same domain and outside users) disabling this forces FTP passive mode ## and may change other protocols. ##
#### Allow applications to write untrusted content ## If this is disallowed, no Internet content ## will be stored. ##
##