# # This file is for the declaration of global tunables. # To change the default value at build time, the booleans.conf # file should be used. # ## ##

## Allow making the heap executable. ##

##
gen_tunable(allow_execheap,false) ## ##

## Allow making anonymous memory executable, e.g. ## for runtime-code generation or executable stack. ##

##
gen_tunable(allow_execmem,false) ## ##

## Allow making a modified private file ## mapping executable (text relocation). ##

##
gen_tunable(allow_execmod,false) ## ##

## Allow making the stack executable via mprotect. ## Also requires allow_execmem. ##

##
gen_tunable(allow_execstack,false) ## ##

## Enable polyinstantiated directory support. ##

##
gen_tunable(allow_polyinstantiation,false) ## ##

## Allow system to run with NIS ##

##
gen_tunable(allow_ypbind,false) ## ##

## Enable reading of urandom for all domains. ##

##

## This should be enabled when all programs ## are compiled with ProPolice/SSP ## stack smashing protection. All domains will ## be allowed to read from /dev/urandom. ##

##
gen_tunable(global_ssp,false) ## ##

## Allow email client to various content. ## nfs, samba, removable devices, user temp ## and untrusted content files ##

##
gen_tunable(mail_read_content,false) ## ##

## Allow nfs to be exported read/write. ##

##
gen_tunable(nfs_export_all_rw,false) ## ##

## Allow nfs to be exported read only ##

##
gen_tunable(nfs_export_all_ro,false) ## ##

## Allow reading of default_t files. ##

##
gen_tunable(read_default_t,false) ## ##

## Allow applications to read untrusted content ## If this is disallowed, Internet content has ## to be manually relabeled for read access to be granted ##

##
gen_tunable(read_untrusted_content,false) ## ##

## Support NFS home directories ##

##
gen_tunable(use_nfs_home_dirs,false) ## ##

## Support SAMBA home directories ##

##
gen_tunable(use_samba_home_dirs,false) ## ##

## Allow users to run TCP servers (bind to ports and accept connection from ## the same domain and outside users) disabling this forces FTP passive mode ## and may change other protocols. ##

##
gen_tunable(user_tcp_server,false) ## ##

## Allow applications to write untrusted content ## If this is disallowed, no Internet content ## will be stored. ##

##
gen_tunable(write_untrusted_content,false)