On Mon, Nov 24, 2008 at 10:40:56 -0500, Daniel J Walsh <dwalsh@xxxxxxxxxx> wrote: > > A couple of things, people have asked for the ability to stop the > execution of programs in the homedir. So the least priv app does not > have the ability to execute content. Since xguest has the ability to > execute perl, sh, python and other interpreters, the value of shutting > down execution in the homedir is questionable. This means > ~/bin/myscript.sh will fail, but sh ~/bin/myscript.sh will work. The > blocking of execution does work for all compiled code. OK, that explains what I was seeing. > The policy is for the boolean allows the execution of user_home_t, but > not other labeled file in the homedir, which is a bug. And I think that explains why changing the booleans didn't fix my specific situation. Thanks for the explanation. -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
