The software described in this documentation is either in Extended Support or Sustaining Support. See https://www.oracle.com/us/support/library/enterprise-linux-support-policies-069172.pdf for more information.
Oracle recommends that you upgrade the software described by this documentation as soon as possible.
To help prevent flawed or malicious applications from
modifying a user's files, you can use booleans to specify
whether users are permitted to run applications in directories
to which they have write access, such as in their home
directory hierarchy and /tmp
.
To allow Oracle Linux users in the guest_t
and xguest_t
domains to execute
applications in directories to which they have write access:
#setsebool -P allow_guest_exec_content on
#setsebool -P allow_xguest_exec_content on
To prevent Linux users in the staff_t
and
user_t
domains from executing applications
in directories to which they have write access:
#setsebool -P allow_staff_exec_content off
#setsebool -P allow_user_exec_content off