Allow unconfined executables to make their heap memory executable. Doing this is a really bad idea. Probably indicates a badly coded executable, but could indicate an attack. This executable should be reported in bugzilla

Allow unconfined executables to map a memory region as both executable and writable, this is dangerous and the executable should be reported in bugzilla")

Allow all unconfined executables to use libraries requiring text relocation that are not labeled textrel_shlib_t")

Allow unconfined executables to make their stack executable. This should never, ever be necessary. Probably indicates a badly coded executable, but could indicate an attack. This executable should be reported in bugzilla")

Enable polyinstantiated directory support.

Allow system to run with NIS

Allow logging in and using the system from /dev/console.

Enable reading of urandom for all domains.

This should be enabled when all programs are compiled with ProPolice/SSP stack smashing protection. All domains will be allowed to read from /dev/urandom.

Allow email client to various content. nfs, samba, removable devices, and user temp files

Allow any files/directories to be exported read/write via NFS.

Allow any files/directories to be exported read/only via NFS.

Support NFS home directories

Support SAMBA home directories

Allow users to run TCP servers (bind to ports and accept connection from the same domain and outside users) disabling this forces FTP passive mode and may change other protocols.

Allow users to run UDP servers (bind to ports and accept connection from the same domain and outside users)