noexec mount-option with selinux?

Marten Lehmann lehmann at cnm.de
Thu May 11 14:00:54 UTC 2006


Hello,

> You can certainly not allow execute permission to *_tmp_t (the types
> applied to files created in /tmp) in your policy.  In fact, most domains
> should already be that way.

but I don't want to create a policy for every single application. Just 
think of file permissions: They are valid for every user, no matter 
which application or service tries to access a certain file. The 
permissions apply for all processes. The same is true if I would mount 
/tmp on a separate partition with noexec.
So, how can I set up a noexec-policy for /tmp in SELinux that applies for 
all processes as file permissions or mount options do?

Regards
Marten




More information about the fedora-selinux-list mailing list