Not allowing Linux users to execute applications (which inherit users' permissions) in their home directories and /tmp/, which they have write access to, helps prevent flawed or malicious applications from modifying files that users own. In Red Hat Enterprise Linux 6, by default, Linux users in the guest_t and xguest_t domains can not execute applications in their home directories or /tmp/; however, by default, Linux users in the user_t and staff_t domains can.

Booleans are available to change this behavior, and are configured with the setsebool command. The setsebool command must be run as the Linux root user. The setsebool -P command makes persistent changes. Do not use the -P option if you do not want changes to persist across reboots:

/usr/sbin/setsebool -P allow_guest_exec_content on

/usr/sbin/setsebool -P allow_xguest_exec_content on

/usr/sbin/setsebool -P allow_user_exec_content off

/usr/sbin/setsebool -P allow_staff_exec_content off