Configuring the Behavior of Application Execution for Users

To help prevent flawed or malicious applications from modifying a user's files, you can use Boolean values to specify whether users are permitted to run applications in directories to which they have write access, such as the user's home directory hierarchy and /tmp.

To enable Oracle Linux users in the guest_t and xguest_t domains to run applications in directories to which they have write access, type:

sudo setsebool -P allow_guest_exec_content on
sudo setsebool -P allow_xguest_exec_content on

The following example shows how to prevent users in the staff_t and user_t domains from running applications in directories to which they have write access:

sudo setsebool -P allow_staff_exec_content off
sudo setsebool -P allow_user_exec_content off
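
To confirm that a host still matches the settings shown above, the following added example (not part of the original Oracle documentation) compares getsebool-style output with an intended state. The function name audit_exec_content, the DESIRED list and the SAMPLE input are assumptions made for illustration; the sample lines are constructed, not captured from a real system.

```shell
#!/bin/sh
# Added example: report exec_content booleans that differ from the intended state.
# DESIRED mirrors the two examples on this page; adjust it to local policy.
DESIRED='allow_guest_exec_content=on allow_xguest_exec_content=on allow_staff_exec_content=off allow_user_exec_content=off'

# Constructed sample in the "name --> state" format that getsebool prints.
SAMPLE='allow_guest_exec_content --> on
allow_xguest_exec_content --> off
allow_staff_exec_content --> off
allow_user_exec_content --> on'

# audit_exec_content: reads getsebool-style lines on stdin, prints one line for
# each boolean that is missing or differs from DESIRED, and returns 1 if any do.
audit_exec_content() {
    awk -v desired="$DESIRED" '
        BEGIN {
            n = split(desired, pairs, " ")
            for (i = 1; i <= n; i++) {
                split(pairs[i], kv, "=")
                order[i] = kv[1]
                want[kv[1]] = kv[2]
            }
        }
        # Record the current state of every boolean we care about.
        $2 == "-->" && ($1 in want) { have[$1] = $3 }
        END {
            bad = 0
            for (i = 1; i <= n; i++) {
                name = order[i]
                if (!(name in have)) {
                    printf "MISSING %s (want %s)\n", name, want[name]; bad = 1
                } else if (have[name] != want[name]) {
                    printf "DRIFT %s is %s (want %s)\n", name, have[name], want[name]; bad = 1
                }
            }
            exit bad
        }'
}

# Live use on a host: getsebool -a | audit_exec_content
# Offline demonstration with the constructed sample:
printf '%s\n' "$SAMPLE" | audit_exec_content || echo "exec_content booleans differ from the intended state"
```

A MISSING line means the boolean did not appear in the input at all, which is worth investigating separately from a value that has drifted.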

For more information, see Customizing SELinux Policies.