Re: user home - disable execution

[Daniel J Walsh <dwalsh redhat com>]

Hal wrote:
> Hi all
>
> I am new to selinux and I want to use it to acheive 3 main goals:
> 1. disable execution of any executables located in users' home dir trees.
> 2. disable users to see what other users exist on the system.
> 3. disable users to see who is logged in and what processes is running.
>
> Does anybody have any policy modules doing something similar? I 
> need a starting point. A clue, what ever to point me the right direction.
> I have been reading "Selinux by example" and "SELINUX NSA'a open source
> Security Enhabced linux" but both books seem quite out of date. All I have
> learned is
> how to write useless rules, because I do not know how to make a modile how to
> use module to override the default policy etc. 
>
> Thanks in advance!
>
> Hal  
>
>   
I have just rebuilt rawhide policy and by default guest/xguest users 
will give you exactly what you request.

selinux-policy-3.0.3-6
>        
> ____________________________________________________________________________________
> Building a website is a piece of cake. Yahoo! Small Business gives you all the tools to get online.
> http://smallbusiness.yahoo.com/webhosting 
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list redhat com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
>