52 lines
1.1 KiB
Plaintext
52 lines
1.1 KiB
Plaintext
# Allow making anonymous memory executable, e.g.for runtime-code generation or executable stack.
|
|
#
|
|
allow_execmem = false
|
|
|
|
# Allow making a modified private filemapping executable (text relocation).
|
|
#
|
|
allow_execmod = false
|
|
|
|
# Allow making the stack executable via mprotect.Also requires allow_execmem.
|
|
#
|
|
allow_execstack = false
|
|
|
|
# Allow ftp servers to modify public filesused for public file transfer services.
|
|
#
|
|
allow_ftpd_anon_write = false
|
|
|
|
# Allow gssd to read temp directory.
|
|
#
|
|
allow_gssd_read_tmp = false
|
|
|
|
# Allow sysadm to ptrace all processes
|
|
#
|
|
allow_ptrace = false
|
|
|
|
# Allow reading of default_t files.
|
|
#
|
|
read_default_t = false
|
|
|
|
# Allow system cron jobs to relabel filesystemfor restoring file contexts.
|
|
#
|
|
cron_can_relabel = false
|
|
|
|
# Allow staff_r users to search the sysadm homedir and read files (such as ~/.bashrc)
|
|
#
|
|
staff_read_sysadm_file = false
|
|
|
|
# Allow users to read system messages.
|
|
#
|
|
user_dmesg = false
|
|
|
|
# Allow sysadm to ptrace all processes
|
|
#
|
|
allow_ptrace = false
|
|
|
|
## Control users use of ping and traceroute
|
|
user_ping = true
|
|
|
|
# Allow unlabeled packets to flow
|
|
#
|
|
allow_unlabeled_packets = true
|
|
|