[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: preventing unconfined users exec in home and tmp

From: Murray McAllister <mmcallis redhat com>
To: fedora-selinux-list redhat com
Subject: Re: preventing unconfined users exec in home and tmp
Date: Wed, 26 Nov 2008 11:23:43 +1000

Murray McAllister wrote:

Hi,
I have turned "allow_unconfined_exec_content" off, but unconfined users(unconfined_u) can still execute files in their home directories and /tmp/.
I tried adding a user with "useradd -Z unconfined_u". This user canstill execute. I could not find any dontaudit rules.
Am I missing something?

I am running Fedora release 10 (Cambridge):

selinux-policy-targeted-3.5.13-18.fc10.noarch
selinux-policy-3.5.13-18.fc10.noarch
selinux-policy-doc-3.5.13-18.fc10.noarch
libselinux-utils-2.0.73-1.fc10.i386
libselinux-python-2.0.73-1.fc10.i386
libselinux-2.0.73-1.fc10.i386
policycoreutils-2.0.57-11.fc10.i386

Cheers.

References:
- preventing unconfined users exec in home and tmp
  - From: Murray McAllister

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]