From: guido@trentalancia.net (Guido Trentalancia) Date: Sun, 11 Dec 2016 16:22:45 +0100 Subject: [refpolicy] [PATCH] userdomain: do not execute temporary files Message-ID: <1481469765.600.1.camel@trentalancia.net> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com Executing temporary files is unsafe and dangerous and it is also unneeded on normal systems, therefore this patch removes such permission from the user_t domain. Signed-off-by: Guido Trentalancia --- policy/modules/system/userdomain.if | 1 - 1 file changed, 1 deletion(-) --- refpolicy-git-07122016-orig/policy/modules/system/userdomain.if 2016-12-07 13:39:08.672449330 +0100 +++ refpolicy-git-07122016/policy/modules/system/userdomain.if 2016-12-11 16:12:19.548933309 +0100 @@ -812,7 +812,6 @@ template(`userdom_login_user_template', userdom_manage_tmp_role($1_r, $1_t) userdom_manage_tmpfs_role($1_r, $1_t) - userdom_exec_user_tmp_files($1_t) userdom_exec_user_home_content_files($1_t) userdom_change_password_template($1)
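Review bot: The deleted line in the `@@ -812,7 +812,6 @@` hunk is inside `userdom_login_user_template`, so `userdom_exec_user_tmp_files($1_t)` is removed from every `$1_t` domain instantiated from that template, not only from `user_t` as the commit message states; the message should describe that scope. The removal is also unconditional, so a site whose users build or run scripts from their temporary directory can only get the permission back by patching the policy; consider keeping the call inside a `tunable_policy` block governed by a boolean that defaults to off. The context line `userdom_exec_user_home_content_files($1_t)` directly below is left in place, so the exec permission on user home content stays; if the aim is to stop execution of user-writable files, the message should say why only the tmp case is handled here.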