This was meant to be about file permissions, not SELinux contexts: "The application must be configured by default to have file permissions which protect it from unprivileged processes."
Please add regular file permissions wording; it could be as simple as searching for world-writable files or sensitive world-readable files etc. We should chat about our expectations for SELinux policy, too (+Steve G).
This was meant to be about file permissions, not SELinux contexts: "The application must be configured by default to have file permissions which protect it from unprivileged processes."
Please add regular file permissions wording; it could be as simple as searching for world-writable files or sensitive world-readable files etc. We should chat about our expectations for SELinux policy, too (+Steve G).