selinux-policy-ubuntu-dev 0.2.20091117-0ubuntu2 / usr / share / selinux / ubuntu / include / global_tunables.xml

This file is indexed.

/usr/share/selinux/ubuntu/include/global_tunables.xml is in selinux-policy-ubuntu-dev 0.2.20091117-0ubuntu2.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below. 

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
<tunable name="allow_execheap" dftval="false">
<desc>
<p>
Allow unconfined executables to make their heap memory executable.  Doing this is a really bad idea. Probably indicates a badly coded executable, but could indicate an attack. This executable should be reported in bugzilla
</p>
</desc>
</tunable>
<tunable name="allow_execmem" dftval="false">
<desc>
<p>
Allow unconfined executables to map a memory region as both executable and writable, this is dangerous and the executable should be reported in bugzilla")
</p>
</desc>
</tunable>
<tunable name="allow_execmod" dftval="false">
<desc>
<p>
Allow all unconfined executables to use libraries requiring text relocation that are not labeled textrel_shlib_t")
</p>
</desc>
</tunable>
<tunable name="allow_execstack" dftval="false">
<desc>
<p>
Allow unconfined executables to make their stack executable.  This should never, ever be necessary. Probably indicates a badly coded executable, but could indicate an attack. This executable should be reported in bugzilla")
</p>
</desc>
</tunable>
<tunable name="allow_polyinstantiation" dftval="false">
<desc>
<p>
Enable polyinstantiated directory support.
</p>
</desc>
</tunable>
<tunable name="allow_ypbind" dftval="false">
<desc>
<p>
Allow system to run with NIS
</p>
</desc>
</tunable>
<tunable name="global_ssp" dftval="false">
<desc>
<p>
Enable reading of urandom for all domains.
</p>
<p>
This should be enabled when all programs
are compiled with ProPolice/SSP
stack smashing protection.  All domains will
be allowed to read from /dev/urandom.
</p>
</desc>
</tunable>
<tunable name="mail_read_content" dftval="false">
<desc>
<p>
Allow email client to various content.
nfs, samba, removable devices, and user temp
files
</p>
</desc>
</tunable>
<tunable name="nfs_export_all_rw" dftval="false">
<desc>
<p>
Allow any files/directories to be exported read/write via NFS.
</p>
</desc>
</tunable>
<tunable name="nfs_export_all_ro" dftval="false">
<desc>
<p>
Allow any files/directories to be exported read/only via NFS.
</p>
</desc>
</tunable>
<tunable name="use_nfs_home_dirs" dftval="false">
<desc>
<p>
Support NFS home directories
</p>
</desc>
</tunable>
<tunable name="use_samba_home_dirs" dftval="false">
<desc>
<p>
Support SAMBA home directories
</p>
</desc>
</tunable>
<tunable name="user_tcp_server" dftval="false">
<desc>
<p>
Allow users to run TCP servers (bind to ports and accept connection from
the same domain and outside users)  disabling this forces FTP passive mode
and may change other protocols.
</p>
</desc>
</tunable>

APT Browse - Built by Thomas Orozco.