%PDF- %PDF-
Mini Shell

Mini Shell

Direktori : /usr/share/selinux/devel/include/
Upload File :
Create Path :
Current File : //usr/share/selinux/devel/include/global_tunables.xml

<tunable name="allow_execheap" dftval="false">
<desc>
<p>
Allow unconfined executables to make their heap memory executable.  Doing this is a really bad idea. Probably indicates a badly coded executable, but could indicate an attack. This executable should be reported in bugzilla
</p>
</desc>
</tunable>
<tunable name="allow_execmem" dftval="false">
<desc>
<p>
Allow unconfined executables to map a memory region as both executable and writable, this is dangerous and the executable should be reported in bugzilla)
</p>
</desc>
</tunable>
<tunable name="allow_execmod" dftval="false">
<desc>
<p>
Allow all unconfined executables to use libraries requiring text relocation that are not labeled textrel_shlib_t)
</p>
</desc>
</tunable>
<tunable name="allow_execstack" dftval="false">
<desc>
<p>
Allow unconfined executables to make their stack executable.  This should never, ever be necessary. Probably indicates a badly coded executable, but could indicate an attack. This executable should be reported in bugzilla)
</p>
</desc>
</tunable>
<tunable name="allow_polyinstantiation" dftval="false">
<desc>
<p>
Enable polyinstantiated directory support.
</p>
</desc>
</tunable>
<tunable name="allow_ypbind" dftval="false">
<desc>
<p>
Allow system to run with NIS
</p>
</desc>
</tunable>
<tunable name="global_ssp" dftval="false">
<desc>
<p>
Enable reading of urandom for all domains.
</p>
<p>
This should be enabled when all programs
are compiled with ProPolice/SSP
stack smashing protection.  All domains will
be allowed to read from /dev/urandom.
</p>
</desc>
</tunable>
<tunable name="use_nfs_home_dirs" dftval="false">
<desc>
<p>
Support NFS home directories
</p>
</desc>
</tunable>
<tunable name="use_fusefs_home_dirs" dftval="false">
<desc>
<p>
Support fusefs home directories
</p>
</desc>
</tunable>
<tunable name="use_samba_home_dirs" dftval="false">
<desc>
<p>
Support SAMBA home directories
</p>
</desc>
</tunable>
<tunable name="user_tcp_server" dftval="false">
<desc>
<p>
Allow users to run TCP servers (bind to ports and accept connection from
the same domain and outside users)  disabling this forces FTP passive mode
and may change other protocols.
</p>
</desc>
</tunable>
<tunable name="allow_console_login" dftval="false">
<desc>
<p>
Allow direct login to the console device. Required for System 390
</p>
</desc>
</tunable>
<tunable name="mmap_low_allowed" dftval="false">
<desc>
<p>
Allow certain domains to map low memory in the kernel
</p>
</desc>
</tunable>

Zerion Mini Shell 1.0