Configuring the Behavior of Application Execution for Users
To help prevent flawed or malicious applications from revising a user's files, you can use Boolean values to specify whether users are permitted to run applications in directories for which they have write access, such as the user's home directory hierarchy and /tmp.
To enable Oracle Linux users in the guest_t and xguest_t domains to run applications in directories to which they have write access, type:
sudo setsebool -P allow_guest_exec_content on
sudo setsebool -P allow_xguest_exec_content on
The following example shows how to prevent users in the staff_t and user_t domains from running applications in directories to which they have write access:
sudo setsebool -P allow_staff_exec_content off
sudo setsebool -P allow_user_exec_content off
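To confirm that the Booleans are in the intended state after such changes, the following added example (not part of the original documentation) audits getsebool-style output against a baseline and prints the setsebool command that corrects each deviation. The baseline of all four Booleans off, the helper name check_exec_content, and the sample input are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit the four exec-content Booleans named above.
# Assumed baseline (a site policy choice, not from the page): all four off.
DESIRED='allow_guest_exec_content=off
allow_xguest_exec_content=off
allow_staff_exec_content=off
allow_user_exec_content=off'

# check_exec_content (hypothetical helper): reads getsebool-style lines
# ("name --> state") on stdin, prints one line per Boolean that is missing
# or differs from DESIRED, and returns 1 if anything was reported.
check_exec_content() {
    input=$(cat)
    drift=0
    for pair in $DESIRED; do
        name=${pair%%=*}
        want=${pair#*=}
        have=$(printf '%s\n' "$input" |
            awk -v n="$name" '$1 == n && $2 == "-->" { print $3 }')
        if [ -z "$have" ]; then
            echo "MISSING $name (want $want)"
            drift=1
        elif [ "$have" != "$want" ]; then
            echo "DRIFT $name is $have, want $want: sudo setsebool -P $name $want"
            drift=1
        fi
    done
    return "$drift"
}

# Constructed sample input in getsebool output format (not captured from a host).
SAMPLE='allow_guest_exec_content --> off
allow_xguest_exec_content --> on
allow_staff_exec_content --> off
allow_user_exec_content --> on
httpd_enable_cgi --> on'

# Demo on the constructed sample; on a real host use:
#   getsebool -a | check_exec_content
printf '%s\n' "$SAMPLE" | check_exec_content || true
```

Edit DESIRED to match the policy you actually want, for example setting the guest_t and xguest_t entries to on if you enabled them as shown earlier.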
For more information, see Customizing SELinux Policies.