noexec mount-option with selinux?
Marten Lehmann
lehmann at cnm.de
Fri May 12 13:46:21 UTC 2006
> When you want to change the quotas or set them, run:
> # setquota username block-soft block-hard inode-soft inode-hard -a
But I'm looking for a clean way to do it without workarounds with selinux!
The system includes a webserver and when someone uses the file upload of
PHP, then the uploaded file will be stored in /tmp. So a quota of just 1
MB on /tmp for every user is not enough.
> If the quota limits need to be as strict as your first message indicates, then
> I'm surprised you haven't already had /tmp/ on a separate filesystem, with
> separate quotas set. Additionally, I always split off /tmp/ so *if* it
> fills, it doesn't "damage" my root filesystem.
Actually, /home is not part of the root partition and /tmp could be a
symlink to /home/tmp so both can use the same quota definitions. But how
can I set up a system-wide policy that disallows executing files from
/tmp or /home/tmp?
Regards
Marten