## Allow unconfined executables to make their heap memory executable. Doing this is a really bad idea. Probably indicates a badly coded executable, but could indicate an attack. This executable should be reported in bugzilla ##
#### Allow unconfined executables to map a memory region as both executable and writable, this is dangerous and the executable should be reported in bugzilla") ##
#### Allow all unconfined executables to use libraries requiring text relocation that are not labeled textrel_shlib_t") ##
#### Allow unconfined executables to make their stack executable. This should never, ever be necessary. Probably indicates a badly coded executable, but could indicate an attack. This executable should be reported in bugzilla") ##
#### Enable polyinstantiated directory support. ##
#### Allow system to run with NIS ##
#### Allow logging in and using the system from /dev/console. ##
#### Enable reading of urandom for all domains. ##
#### This should be enabled when all programs ## are compiled with ProPolice/SSP ## stack smashing protection. All domains will ## be allowed to read from /dev/urandom. ##
#### Allow email client to various content. ## nfs, samba, removable devices, and user temp ## files ##
#### Allow any files/directories to be exported read/write via NFS. ##
#### Allow any files/directories to be exported read/only via NFS. ##
#### Support NFS home directories ##
#### Support SAMBA home directories ##
#### Allow users to run TCP servers (bind to ports and accept connection from ## the same domain and outside users) disabling this forces FTP passive mode ## and may change other protocols. ##
##