There is some concern on the devel mailing list about user-writable directories in the default $PATH -- initially discussion about ~/.local/bin as a hidden file, but now also out to ~/bin as well. I notice that these are home_bin_t. What does this do with the current policy, and what more could we do? (Particularly, a compromised application shouldn't be able to put binaries there, but a shell script or something like `pip install` probably _should_ be able to.) -- Matthew Miller ☁☁☁ Fedora Cloud Architect ☁☁☁ <mattdm@xxxxxxxxxxxxxxxxx> -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
