what do we do with user_home_t, and what more could we do with it?
Matthew Miller
mattdm at fedoraproject.org
Wed Oct 30 14:11:39 UTC 2013
There is some concern on the devel mailing list about user-writable
directories in the default $PATH -- initially discussion about ~/.local/bin
as a hidden file, but now also out to ~/bin as well. I notice that these are
home_bin_t. What does this do with the current policy, and what more could
we do? (Particularly, a compromised application shouldn't be able to put
binaries there, but a shell script or something like `pip install` probably
_should_ be able to.)
--
Matthew Miller ☁☁☁ Fedora Cloud Architect ☁☁☁ <mattdm at fedoraproject.org>
More information about the selinux
mailing list