SELinux boolean State Default Description abrt_anon_write (off , off) Allow abrt to anon write abrt_handle_event (off , off) Allow abrt to handle event abrt_upload_watch_anon_write (on , on) Allow abrt to upload watch anon write antivirus_can_scan_system (off , off) Allow antivirus to can scan system antivirus_use_jit (off , off) Allow antivirus to use jit auditadm_exec_content (on , on) Allow auditadm to exec content authlogin_nsswitch_use_ldap (off , off) Allow authlogin to nsswitch use ldap authlogin_radius (off , off) Allow authlogin to radius authlogin_yubikey (off , off) Allow authlogin to yubikey awstats_purge_apache_log_files (off , off) Allow awstats to purge apache log files boinc_execmem (on , on) Allow boinc to execmem cdrecord_read_content (off , off) Allow cdrecord to read content cluster_can_network_connect (off , off) Allow cluster to can network connect cluster_manage_all_files (off , off) Allow cluster to manage all files cluster_use_execmem (off , off) Allow cluster to use execmem cobbler_anon_write (off , off) Allow cobbler to anon write cobbler_can_network_connect (off , off) Allow cobbler to can network connect cobbler_use_cifs (off , off) Allow cobbler to use cifs cobbler_use_nfs (off , off) Allow cobbler to use nfs collectd_tcp_network_connect (on , on) Allow collectd to tcp network connect colord_use_nfs (off , off) Allow colord to use nfs condor_tcp_network_connect (off , off) Allow condor to tcp network connect conman_can_network (off , off) Allow conman to can network conman_use_nfs (off , off) Allow conman to use nfs container_connect_any (off , off) Allow container to connect any container_manage_cgroup (off , off) Allow container to manage cgroup container_modify_selinux_labels (off , off) Allow container to modify selinux labels container_read_certs (off , off) Allow container to read certs container_use_cephfs (off , off) Allow container to use cephfs container_use_devices (off , off) Allow container to use devices container_use_dri_devices (on , on) Allow container to use dri devices container_use_ecryptfs (off , off) Allow container to use ecryptfs container_use_xserver_devices (off , off) Allow container to use xserver devices container_user_exec_content (on , on) Allow container to user exec content cron_can_relabel (off , off) Allow cron to can relabel cron_system_cronjob_use_shares (off , off) Allow cron to system cronjob use shares cron_userdomain_transition (on , on) Allow cron to userdomain transition cups_execmem (off , off) Allow cups to execmem cvs_read_shadow (off , off) Allow cvs to read shadow daemons_dontaudit_scheduling (on , on) Allow daemons to dontaudit scheduling daemons_dump_core (off , off) Allow daemons to dump core daemons_enable_cluster_mode (on , on) Allow daemons to enable cluster mode daemons_use_tcp_wrapper (off , off) Allow daemons to use tcp wrapper daemons_use_tty (off , off) Allow daemons to use tty dbadm_exec_content (on , on) Allow dbadm to exec content dbadm_manage_user_files (off , off) Allow dbadm to manage user files dbadm_read_user_files (off , off) Allow dbadm to read user files deny_bluetooth (off , off) Allow deny to bluetooth deny_execmem (off , off) Allow deny to execmem deny_ptrace (off , off) Allow deny to ptrace dhcpc_exec_iptables (off , off) Allow dhcpc to exec iptables dhcpd_use_ldap (off , off) Allow dhcpd to use ldap dnsmasq_use_ipset (off , off) Allow dnsmasq to use ipset domain_can_mmap_files (on , on) Allow domain to can mmap files domain_can_write_kmsg (off , off) Allow domain to can write kmsg domain_fd_use (on , on) Allow domain to fd use domain_kernel_load_modules (on , on) Allow domain to kernel load modules entropyd_use_audio (on , on) Allow entropyd to use audio exim_can_connect_db (off , off) Allow exim to can connect db exim_manage_user_files (off , off) Allow exim to manage user files exim_read_user_files (off , off) Allow exim to read user files fcron_crond (off , off) Allow fcron to crond fenced_can_network_connect (off , off) Allow fenced to can network connect fenced_can_ssh (off , off) Allow fenced to can ssh fips_mode (on , on) Allow fips to mode ftpd_anon_write (off , off) Allow ftpd to anon write ftpd_connect_all_unreserved (off , off) Allow ftpd to connect all unreserved ftpd_connect_db (off , off) Allow ftpd to connect db ftpd_full_access (off , off) Allow ftpd to full access ftpd_use_cifs (off , off) Allow ftpd to use cifs ftpd_use_fusefs (off , off) Allow ftpd to use fusefs ftpd_use_nfs (off , off) Allow ftpd to use nfs ftpd_use_passive_mode (off , off) Allow ftpd to use passive mode git_cgi_enable_homedirs (off , off) Allow git to cgi enable homedirs git_cgi_use_cifs (off , off) Allow git to cgi use cifs git_cgi_use_nfs (off , off) Allow git to cgi use nfs git_session_bind_all_unreserved_ports (off , off) Allow git to session bind all unreserved ports git_session_users (off , off) Allow git to session users git_system_enable_homedirs (off , off) Allow git to system enable homedirs git_system_use_cifs (off , off) Allow git to system use cifs git_system_use_nfs (off , off) Allow git to system use nfs gitosis_can_sendmail (off , off) Allow gitosis to can sendmail glance_api_can_network (on , on) Allow glance to api can network glance_use_execmem (on , on) Allow glance to use execmem glance_use_fusefs (on , on) Allow glance to use fusefs global_ssp (off , off) Allow global to ssp gpg_web_anon_write (off , off) Allow gpg to web anon write gssd_read_tmp (on , on) Allow gssd to read tmp guest_exec_content (on , on) Allow guest to exec content haproxy_connect_any (on , on) Allow haproxy to connect any httpd_anon_write (off , off) Allow httpd to anon write httpd_builtin_scripting (on , on) Allow httpd to builtin scripting httpd_can_check_spam (off , off) Allow httpd to can check spam httpd_can_connect_ftp (off , off) Allow httpd to can connect ftp httpd_can_connect_ldap (off , off) Allow httpd to can connect ldap httpd_can_connect_mythtv (off , off) Allow httpd to can connect mythtv httpd_can_connect_zabbix (off , off) Allow httpd to can connect zabbix httpd_can_manage_courier_spool (off , off) Allow httpd to can manage courier spool httpd_can_network_connect (on , on) Allow httpd to can network connect httpd_can_network_connect_cobbler (off , off) Allow httpd to can network connect cobbler httpd_can_network_connect_db (off , off) Allow httpd to can network connect db httpd_can_network_memcache (off , off) Allow httpd to can network memcache httpd_can_network_relay (off , off) Allow httpd to can network relay httpd_can_sendmail (off , off) Allow httpd to can sendmail httpd_dbus_avahi (off , off) Allow httpd to dbus avahi httpd_dbus_sssd (off , off) Allow httpd to dbus sssd httpd_dontaudit_search_dirs (off , off) Allow httpd to dontaudit search dirs httpd_enable_cgi (on , on) Allow httpd to enable cgi httpd_enable_ftp_server (off , off) Allow httpd to enable ftp server httpd_enable_homedirs (off , off) Allow httpd to enable homedirs httpd_execmem (on , on) Allow httpd to execmem httpd_graceful_shutdown (off , off) Allow httpd to graceful shutdown httpd_manage_ipa (off , off) Allow httpd to manage ipa httpd_mod_auth_ntlm_winbind (off , off) Allow httpd to mod auth ntlm winbind httpd_mod_auth_pam (off , off) Allow httpd to mod auth pam httpd_read_user_content (off , off) Allow httpd to read user content httpd_run_ipa (off , off) Allow httpd to run ipa httpd_run_preupgrade (off , off) Allow httpd to run preupgrade httpd_run_stickshift (off , off) Allow httpd to run stickshift httpd_serve_cobbler_files (off , off) Allow httpd to serve cobbler files httpd_setrlimit (off , off) Allow httpd to setrlimit httpd_ssi_exec (off , off) Allow httpd to ssi exec httpd_sys_script_anon_write (off , off) Allow httpd to sys script anon write httpd_tmp_exec (off , off) Allow httpd to tmp exec httpd_tty_comm (off , off) Allow httpd to tty comm httpd_unified (off , off) Allow httpd to unified httpd_use_cifs (off , off) Allow httpd to use cifs httpd_use_fusefs (off , off) Allow httpd to use fusefs httpd_use_gpg (off , off) Allow httpd to use gpg httpd_use_nfs (off , off) Allow httpd to use nfs httpd_use_opencryptoki (off , off) Allow httpd to use opencryptoki httpd_use_openstack (on , on) Allow httpd to use openstack httpd_use_sasl (off , off) Allow httpd to use sasl httpd_verify_dns (off , off) Allow httpd to verify dns icecast_use_any_tcp_ports (off , off) Allow icecast to use any tcp ports init_audit_control (off , off) Allow init to audit control init_create_dirs (on , on) Allow init to create dirs irc_use_any_tcp_ports (off , off) Allow irc to use any tcp ports irqbalance_run_unconfined (off , off) Allow irqbalance to run unconfined irssi_use_full_network (off , off) Allow irssi to use full network kdumpgui_run_bootloader (off , off) Allow kdumpgui to run bootloader keepalived_connect_any (off , off) Allow keepalived to connect any kerberos_enabled (on , on) Allow kerberos to enabled ksmtuned_use_cifs (off , off) Allow ksmtuned to use cifs ksmtuned_use_nfs (off , off) Allow ksmtuned to use nfs logadm_exec_content (on , on) Allow logadm to exec content logging_syslogd_append_public_content (off , off) Allow logging to syslogd append public content logging_syslogd_can_sendmail (off , off) Allow logging to syslogd can sendmail logging_syslogd_list_non_security_dirs (off , off) Allow logging to syslogd list non security dirs logging_syslogd_run_nagios_plugins (off , off) Allow logging to syslogd run nagios plugins logging_syslogd_run_unconfined (off , off) Allow logging to syslogd run unconfined logging_syslogd_use_tty (on , on) Allow logging to syslogd use tty login_console_enabled (on , on) Allow login to console enabled logrotate_read_inside_containers (off , off) Allow logrotate to read inside containers logrotate_use_cifs (off , off) Allow logrotate to use cifs logrotate_use_fusefs (off , off) Allow logrotate to use fusefs logrotate_use_nfs (off , off) Allow logrotate to use nfs logwatch_can_network_connect_mail (off , off) Allow logwatch to can network connect mail lsmd_plugin_connect_any (off , off) Allow lsmd to plugin connect any mailman_use_fusefs (off , off) Allow mailman to use fusefs mcelog_client (off , off) Allow mcelog to client mcelog_exec_scripts (on , on) Allow mcelog to exec scripts mcelog_foreground (off , off) Allow mcelog to foreground mcelog_server (off , off) Allow mcelog to server minidlna_read_generic_user_content (off , off) Allow minidlna to read generic user content mmap_low_allowed (off , off) Allow mmap to low allowed mock_enable_homedirs (off , off) Allow mock to enable homedirs mount_anyfile (on , on) Allow mount to anyfile mozilla_plugin_bind_unreserved_ports (off , off) Allow mozilla to plugin bind unreserved ports mozilla_plugin_can_network_connect (on , on) Allow mozilla to plugin can network connect mozilla_plugin_use_bluejeans (off , off) Allow mozilla to plugin use bluejeans mozilla_plugin_use_gps (off , off) Allow mozilla to plugin use gps mozilla_plugin_use_spice (off , off) Allow mozilla to plugin use spice mozilla_read_content (off , off) Allow mozilla to read content mpd_enable_homedirs (off , off) Allow mpd to enable homedirs mpd_use_cifs (off , off) Allow mpd to use cifs mpd_use_nfs (off , off) Allow mpd to use nfs mplayer_execstack (off , off) Allow mplayer to execstack mysql_connect_any (off , off) Allow mysql to connect any mysql_connect_http (off , off) Allow mysql to connect http nagios_run_pnp4nagios (off , off) Allow nagios to run pnp4nagios nagios_run_sudo (off , off) Allow nagios to run sudo nagios_use_nfs (off , off) Allow nagios to use nfs named_tcp_bind_http_port (off , off) Allow named to tcp bind http port named_write_master_zones (on , on) Allow named to write master zones neutron_can_network (on , on) Allow neutron to can network nfs_export_all_ro (on , on) Allow nfs to export all ro nfs_export_all_rw (on , on) Allow nfs to export all rw nfsd_anon_write (off , off) Allow nfsd to anon write nis_enabled (on , on) Allow nis to enabled nscd_use_shm (on , on) Allow nscd to use shm openfortivpn_can_network_connect (on , on) Allow openfortivpn to can network connect openshift_use_nfs (off , off) Allow openshift to use nfs openvpn_can_network_connect (on , on) Allow openvpn to can network connect openvpn_enable_homedirs (on , on) Allow openvpn to enable homedirs openvpn_run_unconfined (off , off) Allow openvpn to run unconfined os_barbican_write_pki (off , off) Allow os to barbican write pki os_cinder_use_nfs (on , on) Allow os to cinder use nfs os_dnsmasq_dac_override (on , on) Allow os to dnsmasq dac override os_enable_vtpm (off , off) Allow os to enable vtpm os_glance_dac_override (on , on) Allow os to glance dac override os_glance_use_nfs (on , on) Allow os to glance use nfs os_glance_use_sudo (on , on) Allow os to glance use sudo os_gnocchi_use_nfs (on , on) Allow os to gnocchi use nfs os_haproxy_dac_override (on , on) Allow os to haproxy dac override os_haproxy_enable_nsfs (off , off) Allow os to haproxy enable nsfs os_haproxy_ping (off , off) Allow os to haproxy ping os_httpd_wsgi (on , on) Allow os to httpd wsgi os_keepalived_dac_override (on , on) Allow os to keepalived dac override os_keystone_use_execmem (on , on) Allow os to keystone use execmem os_neutron_dac_override (on , on) Allow os to neutron dac override os_neutron_use_execmem (on , on) Allow os to neutron use execmem os_nova_use_execmem (on , on) Allow os to nova use execmem os_openvswitch_dac_override (on , on) Allow os to openvswitch dac override os_swift_use_execmem (on , on) Allow os to swift use execmem os_virtlog_dac_override (on , on) Allow os to virtlog dac override os_virtlogd_use_nfs (on , on) Allow os to virtlogd use nfs pasta_bind_all_ports (on , on) Allow pasta to bind all ports pcp_bind_all_unreserved_ports (off , off) Allow pcp to bind all unreserved ports pcp_read_generic_logs (off , off) Allow pcp to read generic logs pdns_can_network_connect_db (off , off) Allow pdns to can network connect db piranha_lvs_can_network_connect (off , off) Allow piranha to lvs can network connect polipo_connect_all_unreserved (off , off) Allow polipo to connect all unreserved polipo_session_bind_all_unreserved_ports (off , off) Allow polipo to session bind all unreserved ports polipo_session_users (off , off) Allow polipo to session users polipo_use_cifs (off , off) Allow polipo to use cifs polipo_use_nfs (off , off) Allow polipo to use nfs polyinstantiation_enabled (off , off) Allow polyinstantiation to enabled postfix_local_write_mail_spool (on , on) Allow postfix to local write mail spool postgresql_can_rsync (off , off) Allow postgresql to can rsync postgresql_selinux_transmit_client_label (off , off) Allow postgresql to selinux transmit client label postgresql_selinux_unconfined_dbadm (on , on) Allow postgresql to selinux unconfined dbadm postgresql_selinux_users_ddl (on , on) Allow postgresql to selinux users ddl pppd_can_insmod (off , off) Allow pppd to can insmod pppd_for_user (off , off) Allow pppd to for user privoxy_connect_any (on , on) Allow privoxy to connect any prosody_bind_http_port (off , off) Allow prosody to bind http port puppetagent_manage_all_files (off , off) Allow puppetagent to manage all files puppetmaster_use_db (off , off) Allow puppetmaster to use db racoon_read_shadow (off , off) Allow racoon to read shadow radius_use_jit (off , off) Allow radius to use jit redis_enable_notify (off , off) Allow redis to enable notify rngd_execmem (off , off) Allow rngd to execmem rpcd_use_fusefs (off , off) Allow rpcd to use fusefs rsync_anon_write (off , off) Allow rsync to anon write rsync_client (on , on) Allow rsync to client rsync_export_all_ro (off , off) Allow rsync to export all ro rsync_full_access (on , on) Allow rsync to full access rsync_sys_admin (off , off) Allow rsync to sys admin samba_create_home_dirs (off , off) Allow samba to create home dirs samba_domain_controller (off , off) Allow samba to domain controller samba_enable_home_dirs (off , off) Allow samba to enable home dirs samba_export_all_ro (off , off) Allow samba to export all ro samba_export_all_rw (off , off) Allow samba to export all rw samba_load_libgfapi (off , off) Allow samba to load libgfapi samba_portmapper (off , off) Allow samba to portmapper samba_run_unconfined (off , off) Allow samba to run unconfined samba_share_fusefs (off , off) Allow samba to share fusefs samba_share_nfs (off , off) Allow samba to share nfs sanlock_enable_home_dirs (off , off) Allow sanlock to enable home dirs sanlock_use_fusefs (off , off) Allow sanlock to use fusefs sanlock_use_nfs (off , off) Allow sanlock to use nfs sanlock_use_samba (off , off) Allow sanlock to use samba saslauthd_read_shadow (off , off) Allow saslauthd to read shadow screen_allow_session_sharing (off , off) Allow screen to allow session sharing secadm_exec_content (on , on) Allow secadm to exec content secure_mode (off , off) Allow secure to mode secure_mode_insmod (off , off) Allow secure to mode insmod secure_mode_policyload (off , off) Allow secure to mode policyload selinuxuser_direct_dri_enabled (on , on) Allow selinuxuser to direct dri enabled selinuxuser_execheap (off , off) Allow selinuxuser to execheap selinuxuser_execmod (off , off) Allow selinuxuser to execmod selinuxuser_execstack (on , on) Allow selinuxuser to execstack selinuxuser_mysql_connect_enabled (off , off) Allow selinuxuser to mysql connect enabled selinuxuser_ping (on , on) Allow selinuxuser to ping selinuxuser_postgresql_connect_enabled (off , off) Allow selinuxuser to postgresql connect enabled selinuxuser_rw_noexattrfile (on , on) Allow selinuxuser to rw noexattrfile selinuxuser_share_music (off , off) Allow selinuxuser to share music selinuxuser_tcp_server (off , off) Allow selinuxuser to tcp server selinuxuser_udp_server (off , off) Allow selinuxuser to udp server selinuxuser_use_ssh_chroot (off , off) Allow selinuxuser to use ssh chroot sge_domain_can_network_connect (off , off) Allow sge to domain can network connect sge_use_nfs (off , off) Allow sge to use nfs smartmon_3ware (off , off) Allow smartmon to 3ware smbd_anon_write (off , off) Allow smbd to anon write spamassassin_can_network (off , off) Allow spamassassin to can network spamd_enable_home_dirs (on , on) Allow spamd to enable home dirs spamd_update_can_network (off , off) Allow spamd to update can network squid_bind_snmp_port (off , off) Allow squid to bind snmp port squid_connect_any (on , on) Allow squid to connect any squid_use_tproxy (off , off) Allow squid to use tproxy ssh_chroot_rw_homedirs (off , off) Allow ssh to chroot rw homedirs ssh_keysign (off , off) Allow ssh to keysign ssh_sysadm_login (off , off) Allow ssh to sysadm login ssh_use_tcpd (off , off) Allow ssh to use tcpd sshd_launch_containers (off , off) Allow sshd to launch containers sslh_can_bind_any_port (off , off) Allow sslh to can bind any port sslh_can_connect_any_port (off , off) Allow sslh to can connect any port sssd_access_kernel_keys (off , off) Allow sssd to access kernel keys sssd_connect_all_unreserved_ports (off , off) Allow sssd to connect all unreserved ports sssd_use_usb (off , off) Allow sssd to use usb staff_exec_content (on , on) Allow staff to exec content staff_use_svirt (off , off) Allow staff to use svirt swift_can_network (on , on) Allow swift to can network sysadm_exec_content (on , on) Allow sysadm to exec content systemd_socket_proxyd_bind_any (off , off) Allow systemd to socket proxyd bind any systemd_socket_proxyd_connect_any (off , off) Allow systemd to socket proxyd connect any telepathy_connect_all_ports (off , off) Allow telepathy to connect all ports telepathy_tcp_connect_generic_network_ports (on , on) Allow telepathy to tcp connect generic network ports tftp_anon_write (off , off) Allow tftp to anon write tftp_home_dir (off , off) Allow tftp to home dir tmpreaper_use_cifs (off , off) Allow tmpreaper to use cifs tmpreaper_use_nfs (off , off) Allow tmpreaper to use nfs tmpreaper_use_samba (off , off) Allow tmpreaper to use samba tomcat_can_network_connect_db (off , off) Allow tomcat to can network connect db tomcat_read_rpm_db (off , off) Allow tomcat to read rpm db tomcat_use_execmem (off , off) Allow tomcat to use execmem tor_bind_all_unreserved_ports (off , off) Allow tor to bind all unreserved ports tor_can_network_relay (off , off) Allow tor to can network relay tor_can_onion_services (off , off) Allow tor to can onion services unconfined_chrome_sandbox_transition (on , on) Allow unconfined to chrome sandbox transition unconfined_dyntrans_all (off , off) Allow unconfined to dyntrans all unconfined_login (on , on) Allow unconfined to login unconfined_mozilla_plugin_transition (on , on) Allow unconfined to mozilla plugin transition unprivuser_use_svirt (off , off) Allow unprivuser to use svirt use_ecryptfs_home_dirs (off , off) Allow use to ecryptfs home dirs use_fusefs_home_dirs (off , off) Allow use to fusefs home dirs use_lpd_server (off , off) Allow use to lpd server use_nfs_home_dirs (off , off) Allow use to nfs home dirs use_samba_home_dirs (off , off) Allow use to samba home dirs use_virtualbox (on , on) Allow use to virtualbox user_exec_content (on , on) Allow user to exec content varnishd_connect_any (off , off) Allow varnishd to connect any virt_lockd_blk_devs (off , off) Allow virt to lockd blk devs virt_qemu_ga_manage_ssh (off , off) Allow virt to qemu ga manage ssh virt_qemu_ga_read_nonsecurity_files (off , off) Allow virt to qemu ga read nonsecurity files virt_qemu_ga_run_unconfined (off , off) Allow virt to qemu ga run unconfined virt_read_qemu_ga_data (off , off) Allow virt to read qemu ga data virt_rw_qemu_ga_data (off , off) Allow virt to rw qemu ga data virt_sandbox_share_apache_content (off , off) Allow virt to sandbox share apache content virt_sandbox_use_all_caps (on , on) Allow virt to sandbox use all caps virt_sandbox_use_audit (on , on) Allow virt to sandbox use audit virt_sandbox_use_fusefs (off , off) Allow virt to sandbox use fusefs virt_sandbox_use_mknod (off , off) Allow virt to sandbox use mknod virt_sandbox_use_netlink (off , off) Allow virt to sandbox use netlink virt_sandbox_use_sys_admin (off , off) Allow virt to sandbox use sys admin virt_transition_userdomain (off , off) Allow virt to transition userdomain virt_use_comm (off , off) Allow virt to use comm virt_use_execmem (on , on) Allow virt to use execmem virt_use_fusefs (on , on) Allow virt to use fusefs virt_use_glusterd (off , off) Allow virt to use glusterd virt_use_nfs (on , on) Allow virt to use nfs virt_use_pcscd (off , off) Allow virt to use pcscd virt_use_pulseaudio (off , off) Allow virt to use pulseaudio virt_use_rawip (off , off) Allow virt to use rawip virt_use_samba (off , off) Allow virt to use samba virt_use_sanlock (off , off) Allow virt to use sanlock virt_use_usb (on , on) Allow virt to use usb virt_use_xserver (off , off) Allow virt to use xserver webadm_manage_user_files (off , off) Allow webadm to manage user files webadm_read_user_files (off , off) Allow webadm to read user files wine_mmap_zero_ignore (off , off) Allow wine to mmap zero ignore xdm_bind_vnc_tcp_port (off , off) Allow xdm to bind vnc tcp port xdm_exec_bootloader (off , off) Allow xdm to exec bootloader xdm_manage_bootloader (on , on) Allow xdm to manage bootloader xdm_sysadm_login (off , off) Allow xdm to sysadm login xdm_write_home (off , off) Allow xdm to write home xen_use_nfs (off , off) Allow xen to use nfs xend_run_blktap (on , on) Allow xend to run blktap xend_run_qemu (on , on) Allow xend to run qemu xguest_connect_network (on , on) Allow xguest to connect network xguest_exec_content (on , on) Allow xguest to exec content xguest_mount_media (on , on) Allow xguest to mount media xguest_use_bluetooth (on , on) Allow xguest to use bluetooth xserver_clients_write_xshm (off , off) Allow xserver to clients write xshm xserver_execmem (off , off) Allow xserver to execmem xserver_object_manager (off , off) Allow xserver to object manager zabbix_can_network (off , off) Allow zabbix to can network zabbix_run_sudo (off , off) Allow zabbix to run sudo zarafa_setrlimit (off , off) Allow zarafa to setrlimit zebra_write_config (off , off) Allow zebra to write config zoneminder_anon_write (off , off) Allow zoneminder to anon write zoneminder_run_sudo (off , off) Allow zoneminder to run sudo