Hello,
You can certainly not allow execute permission to *_tmp_t (the types applied to files created in /tmp) in your policy. In fact, most domains should already be that way.
but I don't want to create a policy for every single application. Just think of file permissions: They are valid for every user, no matter which application or service tries to access a certain file. The permissions apply for all processes. The same is true if I would mount /tmp on a separate partition wich noexec. So, how can I setup a noexec-policy for /tmp selinux that applies for all processes as file permissions or mount options do?
Regards Marten -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list