[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: Which permission to execute a script?

From: Bruno Wolff III <bruno wolff to>
To: Daniel J Walsh <dwalsh redhat com>
Cc: fedora-selinux-list redhat com
Subject: Re: Which permission to execute a script?
Date: Mon, 24 Nov 2008 10:43:10 -0600

On Mon, Nov 24, 2008 at 10:40:56 -0500,
  Daniel J Walsh <dwalsh redhat com> wrote:
> 
> A couple of things, people have asked for the ability to stop the
> execution of programs in the homedir.  So the least priv app does not
> have the ability to execute content.  Since xguest has the ability to
> execute perl, sh, python and other interpreters, the value of shutting
> down execution in the homedir is questionable.  This means
> ~/bin/myscript.sh will fail, but sh ~/bin/myscript.sh will work.  The
> blocking of execution does work for all compiled code.

OK, that explains what I was seeing.

> The policy is for the boolean allows the execution of user_home_t, but
> not other labeled file in the homedir, which is a bug.

And I think that explains why changing the booleans didn't fix my specific
situation.

Thanks for the explanation.

References:
- Which permission to execute a script?
  - From: Bruno Wolff III
- Re: Which permission to execute a script?
  - From: Daniel J Walsh
- Re: Which permission to execute a script?
  - From: Bruno Wolff III
- Re: Which permission to execute a script?
  - From: Daniel J Walsh
- Re: Which permission to execute a script?
  - From: Bruno Wolff III
- Re: Which permission to execute a script?
  - From: Bruno Wolff III
- Re: Which permission to execute a script?
  - From: Bruno Wolff III
- Re: Which permission to execute a script?
  - From: Daniel J Walsh

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]