Bug 529830

Summary: SELinux failed to limit the authority of execute of user_u
Product: [Fedora] Fedora
Reporter: jbao <jbao>
Component: selinux-policy
Assignee: Daniel Walsh <dwalsh>
Status: CLOSED NOTABUG
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium
Priority: low
Version: rawhide
CC: dwalsh, mgrepl
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Doc Type: Bug Fix
Last Closed: 2009-10-20 21:28:36 UTC

Description jbao 2009-10-20 10:41:57 UTC
Description of problem:
In the homedir of user_u, it can execute the executable file. However, it should not have the permission to do it.

Version-Release number of selected component (if applicable):
selinux-policy-3.6.32-27.fc12.noarch
2.6.31.1-56.fc12.x86_64


How reproducible:


Steps to Reproduce:
Follow the test case of user_u in the test day
https://fedoraproject.org/wiki/Test_Day:2009-10-20#staff_u

1.
service auditd restart
service messagebus start
service restorecond restart
setenforce 1

2. useradd -Z user_u USERNAME
3. cp an executable file to the homedir of USERNAME,
e.g. some .sh file

4. Log in as USERNAME
5. Execute the executable file

Actual results:
succeeded in executing it.

Expected results:
Failed to execute it, with permission denied.

Additional info:

Comment 1 Daniel Walsh 2009-10-20 12:27:57 UTC
Was the boolean allow_user_exec_content turned on?

setsebool -P allow_user_exec_content 0

Should prevent the execution.  Should have had this in the test plan.
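
A pre-flight check for this test case, covering the boolean Comment 1 asks about (added example, not part of the bug report or the Fedora test plan). The function names and the sample command output are constructed for illustration; `preflight_live` assumes `getenforce`, `getsebool` and `semanage` are installed and that it runs as root.

```shell
#!/bin/sh
# Parsers read command output as text, so they can be exercised offline.

# bool_state NAME < `getsebool -a` output  -> prints on / off / missing
bool_state() {
    awk -v name="$1" '$1 == name && $2 == "-->" { print $3; found = 1 }
                      END { if (!found) print "missing" }'
}

# login_seuser LOGIN < `semanage login -l` output
# Prints the SELinux user for LOGIN, falling back to the __default__ mapping.
login_seuser() {
    awk -v login="$1" '$1 == login         { u = $2 }
                       $1 == "__default__" { d = $2 }
                       END { print (u != "" ? u : d) }'
}

# preflight MODE BOOL_STATE SEUSER
# Prints every reason the execute test would be inconclusive; returns 1 if any.
preflight() {
    rc=0
    [ "$1" = "Enforcing" ] || { echo "SELinux mode is $1, expected Enforcing"; rc=1; }
    [ "$2" = "off" ] || { echo "allow_user_exec_content is $2, expected off"; rc=1; }
    [ "$3" = "user_u" ] || { echo "login maps to $3, expected user_u"; rc=1; }
    return $rc
}

# Live variant for the machine under test (not called here).
preflight_live() {
    preflight "$(getenforce)" \
              "$(getsebool -a | bool_state allow_user_exec_content)" \
              "$(semanage login -l | login_seuser "$1")"
}

# Constructed sample output, shaped like the real commands' output.
SAMPLE_BOOLS='allow_staff_exec_content --> on
allow_user_exec_content --> on'
SAMPLE_LOGINS='Login Name      SELinux User    MLS/MCS Range
__default__     unconfined_u    s0-s0:c0.c1023
root            unconfined_u    s0-s0:c0.c1023
testuser        user_u          s0'

state=$(printf '%s\n' "$SAMPLE_BOOLS" | bool_state allow_user_exec_content)
seuser=$(printf '%s\n' "$SAMPLE_LOGINS" | login_seuser testuser)
if preflight Enforcing "$state" "$seuser"; then
    echo "preconditions met: execution in the home directory should be denied"
else
    echo "preconditions not met: a successful execute proves nothing"
fi
```

With the sample data the boolean is on, which is the situation Comment 1 suspects: the login is correctly mapped to user_u, yet the execute test cannot fail.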