26.2.6.2 Configuring the Behavior of Application Execution for Users

To help prevent flawed or malicious applications from modifying a user's files, you can use booleans to specify whether users are permitted to run applications in directories to which they have write access, such as in their home directory hierarchy and /tmp.

To allow Oracle Linux users in the guest_t and xguest_t domains to execute applications in directories to which they have write access:

# setsebool -P allow_guest_exec_content on
# setsebool -P allow_xguest_exec_content on

To prevent Linux users in the staff_t and user_t domains from executing applications in directories to which they have write access:

# setsebool -P allow_staff_exec_content off
# setsebool -P allow_user_exec_content off
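
To confirm that the booleans hold the values set above, the following added example (not part of the original documentation) compares getsebool-style output with an expected baseline and reports any boolean that is missing or differs. The function name, the BASELINE variable and the sample input are assumptions constructed for illustration.

```bash
#!/bin/bash
# Added example: audit the exec_content booleans against an expected baseline.
# On a live system: getsebool -a | audit_exec_content $BASELINE

# audit_exec_content NAME=STATE...   (hypothetical helper, not an SELinux tool)
# Reads "name --> state" lines on stdin, prints one line per deviation and
# returns 1 if any boolean is missing or differs from the expected state.
audit_exec_content() {
    local input pair name want have rc=0
    input=$(cat)
    for pair in "$@"; do
        name=${pair%%=*}
        want=${pair#*=}
        # Field 1 is the boolean name, field 3 its active state; any
        # trailing "pending: ..." text on the line is ignored.
        have=$(printf '%s\n' "$input" |
            awk -v n="$name" '$1 == n && $2 == "-->" { print $3; exit }')
        if [ -z "$have" ]; then
            echo "MISSING $name (expected $want)"
            rc=1
        elif [ "$have" != "$want" ]; then
            echo "DRIFT $name: expected $want, found $have"
            rc=1
        fi
    done
    return "$rc"
}

# Baseline that mirrors the setsebool commands shown in this section.
BASELINE="allow_guest_exec_content=on allow_xguest_exec_content=on
allow_staff_exec_content=off allow_user_exec_content=off"

# Constructed sample of getsebool -a output (not captured from a real host).
SAMPLE='allow_guest_exec_content --> on
allow_staff_exec_content --> off
allow_user_exec_content --> on
httpd_enable_cgi --> on'

run_sample() {
    # Word splitting of BASELINE into NAME=STATE arguments is intended.
    # shellcheck disable=SC2086
    printf '%s\n' "$SAMPLE" | audit_exec_content $BASELINE
}

# Print the report for the constructed sample; a non-zero status means drift.
run_sample || true
```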