HEX
Server: Apache
System: Linux vps-cdc32557.vps.ovh.ca 5.15.0-156-generic #166-Ubuntu SMP Sat Aug 9 00:02:46 UTC 2025 x86_64
User: hanode (1017)
PHP: 7.4.33
Disabled: pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,
$ pwd: /usr/share/selinux/devel/include/
Upload Files
File: //usr/share/selinux/devel/include/global_tunables.xml
<tunable name="allow_execheap" dftval="false">
<desc>
<p>
Allow unconfined executables to make their heap memory executable.  Doing this is a really bad idea. Probably indicates a badly coded executable, but could indicate an attack. This executable should be reported in bugzilla
</p>
</desc>
</tunable>
<tunable name="allow_execmem" dftval="false">
<desc>
<p>
Allow unconfined executables to map a memory region as both executable and writable, this is dangerous and the executable should be reported in bugzilla")
</p>
</desc>
</tunable>
<tunable name="allow_execmod" dftval="false">
<desc>
<p>
Allow all unconfined executables to use libraries requiring text relocation that are not labeled textrel_shlib_t")
</p>
</desc>
</tunable>
<tunable name="allow_execstack" dftval="false">
<desc>
<p>
Allow unconfined executables to make their stack executable.  This should never, ever be necessary. Probably indicates a badly coded executable, but could indicate an attack. This executable should be reported in bugzilla")
</p>
</desc>
</tunable>
<tunable name="allow_raw_memory_access" dftval="false">
<desc>
<p>
Allow raw memory device (/dev/mem, /dev/kmem, /dev/mergemem,
dev/oldmem, /dev/port) access for confined executables.  This is
extremely dangerous as it can bypass the SELinux protections, and
should only be used by trusted domains.
</p>
</desc>
</tunable>
<tunable name="allow_polyinstantiation" dftval="false">
<desc>
<p>
Enable polyinstantiated directory support.
</p>
</desc>
</tunable>
<tunable name="allow_ypbind" dftval="false">
<desc>
<p>
Allow system to run with NIS
</p>
</desc>
</tunable>
<tunable name="console_login" dftval="true">
<desc>
<p>
Allow logging in and using the system from /dev/console.
</p>
</desc>
</tunable>
<tunable name="global_ssp" dftval="false">
<desc>
<p>
Enable reading of urandom for all domains.
</p>
<p>
This should be enabled when all programs
are compiled with ProPolice/SSP
stack smashing protection.  All domains will
be allowed to read from /dev/urandom.
</p>
</desc>
</tunable>
<tunable name="mail_read_content" dftval="false">
<desc>
<p>
Allow email client to various content.
nfs, samba, removable devices, and user temp
files
</p>
</desc>
</tunable>
<tunable name="nfs_export_all_rw" dftval="false">
<desc>
<p>
Allow any files/directories to be exported read/write via NFS.
</p>
</desc>
</tunable>
<tunable name="nfs_export_all_ro" dftval="false">
<desc>
<p>
Allow any files/directories to be exported read/only via NFS.
</p>
</desc>
</tunable>
<tunable name="use_nfs_home_dirs" dftval="false">
<desc>
<p>
Support NFS home directories
</p>
</desc>
</tunable>
<tunable name="use_samba_home_dirs" dftval="false">
<desc>
<p>
Support SAMBA home directories
</p>
</desc>
</tunable>
<tunable name="user_tcp_server" dftval="false">
<desc>
<p>
Allow users to run TCP servers (bind to ports and accept connection from
the same domain and outside users)  disabling this forces FTP passive mode
and may change other protocols.
</p>
</desc>
</tunable>
<tunable name="user_udp_server" dftval="false">
<desc>
<p>
Allow users to run UDP servers (bind to ports and accept connection from
the same domain and outside users)
</p>
</desc>
</tunable>
@ Telegram