false
disallow programs, such as newrole, from transitioning to administrative user domains.
false
disallow programs and users from transitioning to insmod domain.
false
prevent all confined domains from loading policy, setting enforcing mode, and changing boolean values. Set this to true and you have to reboot to set it back