Users in the Interactive_restricted group can read files and execute commands. They cannot modify any files except for files on this predefined list.
The following files have AC_FILE_F_RESTRICTED_BYPASS privileges:
/selinux/use* /selinux/contex** /proc/*/loginuid /dev/pt* /dev/pts/* /dev/nul* /dev/tt* /tmp/** /var/run/utm* /var/log/wtm* /var/log/lastlo* /proc/*/attr/exec
/var/adm/lastlo* /var/adm/wtmp* /devices/pseudo/* /var/adm/utmp* /var/adm/sulo* /etc/utmppip*
/etc/utmp* /dev/tc* /dev/ud* /dev/ptm* /dev/lo* /dev/tt* /var/spool/* /var/adm/wtmp*
/etc/utm* /dev/pt* /dev/pts/* /dev/nul* /dev/tt* /tmp/**
|
Copyright © 2013 CA Technologies.
All rights reserved.
|
|