Description of problem: In the homedir of user_u,it can execute the executable file. However,it should not have the permission to do it. Version-Release number of selected component (if applicable): selinux-policy-3.6.32-27.fc12.noarch 2.6.31.1-56.fc12.x86_64 How reproducible: Steps to Reproduce: follow the test case of user_u in the test day https://fedoraproject.org/wiki/Test_Day:2009-10-20#staff_u 1. service auditd restart service messagebus start service restorecond restart setenforce 1 2.useradd -Z user_u USERNAME 3.cp an executable file to the homedir of USERNAME. eg. some .sh file 4.log into the USERNAME 5.execute the executable file Actual results: succeeded in executing it. Expected results: failed to execute it for the permission denied. Additional info:
Was the boolean allow_user_exec_content turned on? setsebool -P allow_user_exec_content 0 Should preven the execution. Should have had this in the test plan.