Which permission to execute a script?
Bruno Wolff III
bruno at wolff.to
Mon Nov 24 16:43:10 UTC 2008
On Mon, Nov 24, 2008 at 10:40:56 -0500,
Daniel J Walsh <dwalsh at redhat.com> wrote:
>
> A couple of things, people have asked for the ability to stop the
> execution of programs in the homedir. So the least priv app does not
> have the ability to execute content. Since xguest has the ability to
> execute perl, sh, python and other interpreters, the value of shutting
> down execution in the homedir is questionable. This means
> ~/bin/myscript.sh will fail, but sh ~/bin/myscript.sh will work. The
> blocking of execution does work for all compiled code.
OK, that explains what I was seeing.
> The policy is for the boolean allows the execution of user_home_t, but
> not other labeled file in the homedir, which is a bug.
And I think that explains why changing the booleans didn't fix my specific
situation.
Thanks for the explanation.
More information about the fedora-selinux-list
mailing list