Murray McAllister wrote:
> Hi,
>
> I have turned "allow_unconfined_exec_content" off, but unconfined
> users (unconfined_u) can still execute files in their home directories
> and /tmp/.
>
> I tried adding a user with "useradd -Z unconfined_u". This user can
> still execute. I could not find any dontaudit rules.
>
> Am I missing something?
>
> I am running Fedora release 10 (Cambridge):
> selinux-policy-targeted-3.5.13-18.fc10.noarch
> selinux-policy-3.5.13-18.fc10.noarch
> selinux-policy-doc-3.5.13-18.fc10.noarch
> libselinux-utils-2.0.73-1.fc10.i386
> libselinux-python-2.0.73-1.fc10.i386
> libselinux-2.0.73-1.fc10.i386
> policycoreutils-2.0.57-11.fc10.i386
> Cheers.

Yes, this boolean really should not exist; it is caused by calling an
interface that allows PARAM to execute user_home_t, but unconfined_t
can already execute any file on the system, so the boolean has no effect.
The boolean only works for confined users.
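
The reply's point, as an added example that is not part of the original thread or of the SELinux project's code: a boolean-gated allow rule changes nothing when an unconditional rule already grants the same permission. The rule lines are constructed in the style of setools 4 `sesearch --allow` output (an assumption about the format), and `example_confined_t` is a hypothetical confined domain.

```python
import re

# Constructed sample in the style of setools 4 `sesearch --allow` output.
# These rules are illustrative, not copied from the Fedora 10 policy;
# example_confined_t is a hypothetical confined user domain.
SAMPLE_RULES = """\
allow unconfined_t user_home_t:file { execute execute_no_trans getattr read };
allow unconfined_t user_home_t:file { execute execute_no_trans }; [ allow_unconfined_exec_content ]:True
allow example_confined_t user_home_t:file { getattr read };
allow example_confined_t user_home_t:file { execute execute_no_trans }; [ allow_unconfined_exec_content ]:True
"""

RULE_RE = re.compile(
    r"allow\s+(?P<src>\S+)\s+(?P<tgt>[^\s:]+):(?P<cls>\S+)\s+"
    r"(?:\{(?P<perms>[^}]*)\}|(?P<perm>\S+?))\s*;"
    r"(?:\s*\[\s*(?P<bool>\S+)\s*\]:(?P<state>True|False))?"
)

def parse_rules(text):
    """Return a list of (source, target, class, perms, condition) tuples."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            continue
        perms = set((m["perms"] or m["perm"]).split())
        # condition is (boolean name, state the boolean must have) or None
        cond = (m["bool"], m["state"] == "True") if m["bool"] else None
        rules.append((m["src"], m["tgt"], m["cls"], perms, cond))
    return rules

def allowed(rules, booleans, src, tgt, cls, perm):
    """Granted if any unconditional or currently active conditional rule matches."""
    for r_src, r_tgt, r_cls, perms, cond in rules:
        if (r_src, r_tgt, r_cls) != (src, tgt, cls) or perm not in perms:
            continue
        if cond is None or booleans.get(cond[0], False) == cond[1]:
            return True
    return False

def boolean_has_effect(rules, name, src, tgt, cls, perm):
    """True if flipping boolean `name` changes the decision for this query."""
    on = allowed(rules, {name: True}, src, tgt, cls, perm)
    off = allowed(rules, {name: False}, src, tgt, cls, perm)
    return on != off

RULES = parse_rules(SAMPLE_RULES)
```
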