noexec mount-option with selinux?
Valdis.Kletnieks at vt.edu
Valdis.Kletnieks at vt.edu
Wed Jun 7 17:58:41 UTC 2006
On Wed, 07 Jun 2006 18:03:18 +0200, Marten Lehmann said:
> Hello,
>
> > That means a fully working solution looks something like this:
> > $ mount --bind /home/tmp/ /home/tmp/
> > $ mount -o remount,noexec /home/tmp/
> > $ mount --bind /home/tmp/ /tmp/
>
> thanks, it really works. It even works after adding appropriate lines to
> /etc/fstab so this is automatically done at boot time (I was afraid that
> mount woudln't like entries with duplicate mountpoints).
You might also want to look at the pam_namespace code that's in Rawhide
right now... Per-userid /tmp and neat stuff like that....
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-selinux-list/attachments/20060607/875c4df8/attachment.sig>
More information about the fedora-selinux-list
mailing list