Changeset 207
- Timestamp:
- 07/08/08 11:31:21 (2 months ago)
- Files:
Legend:
- Unmodified
- Added
- Removed
- Modified
- Copied
- Moved
branch/RHEL-5.2-20080702merge/src/selinux-policy-clip/policy/booleans.conf
r176 r207 36 36 37 37 # 38 # Allow usage of the gpg-agent --write-env-file option. 39 # This also allows gpg-agent to manage user files. 40 # 41 gpg_agent_env_file = false 42 43 # 38 44 # Allow java executable stack 39 45 # … … 49 55 # 50 56 allow_mplayer_execstack = false 57 58 # 59 # Allow qemu to connect fully to the network 60 # 61 qemu_full_network = false 62 63 # 64 # Allow sysadm to debug or ptrace all processes. 65 # 66 allow_ptrace = false 51 67 52 68 # … … 195 211 196 212 # 213 # Allow unprived users to execute DDL statement 214 # 215 sepgsql_enable_users_ddl = true 216 217 # 197 218 # Allow pppd to load kernel modules for certain modems 198 219 # … … 304 325 305 326 # 327 # Allow virt to manage nfs files 328 # 329 virt_use_nfs = false 330 331 # 332 # Allow virt to manage cifs files 333 # 334 virt_use_samba = false 335 336 # 306 337 # Allows clients to write to the X server shared 307 338 # memory segments. … … 315 346 316 347 # 348 # Support X userspace object manager 349 # 350 xserver_object_manager = false 351 352 # 317 353 # Allow zebra daemon to write it configuration files 318 354 # 319 355 allow_zebra_write_config = false 356 357 # 358 # Enable support for upstart as the init program. 359 # 360 init_upstart = false 320 361 321 362 # … … 361 402 362 403 # 363 # Allow making the heap executable.404 # Allow unconfined executables to make their heap memory executable. Doing this is a really bad idea. Probably indicates a badly coded executable, but could indicate an attack. This executable should be reported in bugzilla 364 405 # 365 406 allow_execheap = false 366 407 367 408 # 368 # Allow making anonymous memory executable, e.g. 369 # for runtime-code generation or executable stack. 409 # Allow unconfined executables to map a memory region as both executable and writable, this is dangerous and the executable should be reported in bugzilla") 370 410 # 371 411 allow_execmem = false 372 412 373 413 # 374 # Allow making a modified private file 375 # mapping executable (text relocation). 414 # Allow all unconfined executables to use libraries requiring text relocation that are not labeled textrel_shlib_t") 376 415 # 377 416 allow_execmod = false 378 417 379 418 # 380 # Allow making the stack executable via mprotect. 381 # Also requires allow_execmem. 419 # Allow unconfined executables to make their stack executable. This should never, ever be necessary. Probably indicates a badly coded executable, but could indicate an attack. This executable should be reported in bugzilla") 382 420 # 383 421 allow_execstack = false … … 414 452 415 453 # 416 # Allow nfs to be exported read/write.454 # Allow any files/directories to be exported read/write via NFS. 417 455 # 418 456 nfs_export_all_rw = false 419 457 420 458 # 421 # Allow nfs to be exported read only459 # Allow any files/directories to be exported read/only via NFS. 422 460 # 423 461 nfs_export_all_ro = false … … 460 498 461 499 # 462 # Allow applications to write untrusted content500 # Allow spamd to read/write user home directories. 463 501 # 464 502 spamd_enable_home_dirs = true 465 503 466 504 # 467 # Allow applications to write untrusted content505 # Allow user spamassassin clients to use the network. 468 506 # 469 507 spamassassin_can_network = false 470 508 471 509 # 472 # Allow applications to write untrusted content510 # Allow samba to share users home directories. 473 511 # 474 512 samba_enable_home_dirs = false 475 513 476 514 # 477 # Allow applications to write untrusted content515 # Allow pppd to be run for a regular user 478 516 # 479 517 pppd_for_user = false 480 518 481 519 # 482 # Allow applications to write untrusted content520 # Allow confined applications to run with kerberos 483 521 # 484 522 allow_kerberos = false
