To help prevent flawed or malicious applications from modifying a user's files, you
can use booleans to specify whether users are permitted to run applications in directories
to which they have write access, such as in their home directory hierarchy and /tmp.
To allow Oracle Linux users in the guest_t and xguest_t domains to execute applications
in directories to which they have write access:
# setsebool -P allow_guest_exec_content on
# setsebool -P allow_xguest_exec_content on
To prevent Linux users in the staff_t and user_t domains from executing applications
in directories to which they have write access:
# setsebool -P allow_staff_exec_content off
# setsebool -P allow_user_exec_content off
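To confirm afterwards that the booleans hold the intended values, the following added example (not part of the original documentation) parses getsebool output and prints the setsebool command for any boolean that has drifted. The function names, the DESIRED list and the sample input are assumptions made for illustration; DESIRED simply mirrors the four commands above.

```shell
#!/bin/sh
# Added example: checks the four *_exec_content booleans against a target state.
# DESIRED mirrors the commands on this page (guest/xguest on, staff/user off);
# it is an assumption about your policy, so edit it to match your own.
DESIRED='allow_guest_exec_content=on allow_xguest_exec_content=on allow_staff_exec_content=off allow_user_exec_content=off'

# Reads "name --> on|off" lines (getsebool output) on stdin. Prints one line per
# boolean: OK, DRIFT (with the setsebool command that fixes it) or MISSING.
# Returns 0 only when every boolean is present and matches DESIRED.
check_exec_content() {
    awk -v desired="$DESIRED" '
        BEGIN {
            n = split(desired, rows, " ")
            for (i = 1; i <= n; i++) {
                split(rows[i], kv, "=")
                order[i] = kv[1]; want[kv[1]] = kv[2]
            }
        }
        NF == 3 && $2 == "-->" && ($1 in want) { have[$1] = $3 }
        END {
            rc = 0
            for (i = 1; i <= n; i++) {
                b = order[i]
                if (!(b in have)) {
                    printf "MISSING %s\n", b; rc = 1
                } else if (have[b] != want[b]) {
                    printf "DRIFT %s is %s, run: setsebool -P %s %s\n", b, have[b], b, want[b]; rc = 1
                } else {
                    printf "OK %s %s\n", b, have[b]
                }
            }
            exit rc
        }'
}

# Constructed sample input (not captured from a real host).
sample_getsebool() {
    cat <<'EOF'
allow_guest_exec_content --> off
allow_staff_exec_content --> off
allow_user_exec_content --> on
httpd_can_network_connect --> off
EOF
}

# Demo on the sample; on a live system: getsebool -a | check_exec_content
sample_getsebool | check_exec_content || echo "exec_content booleans differ from DESIRED"
```

A MISSING line means the boolean name was not found in the input at all, which is worth investigating separately from a value that is merely set differently.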