Configuring the Behavior of Application Execution for Users

To help prevent flawed or malicious applications from changing a user's files, you can use SELinux Boolean values to specify whether users can run applications in directories to which they have write access, such as the user's home directory hierarchy and /tmp.

The following settings let Oracle Linux users in the guest_t and xguest_t domains run applications in directories they can write to:

sudo setsebool -P allow_guest_exec_content on
sudo setsebool -P allow_xguest_exec_content on

The following settings prevent users in the staff_t and user_t domains from running applications in directories they can write to:

sudo setsebool -P allow_staff_exec_content off
sudo setsebool -P allow_user_exec_content off
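
To confirm that a host still matches the four settings above, the output of getsebool can be compared against them. The following script is an added example, not part of the original documentation; the function name check_exec_content and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the exec_content Booleans against the settings on this page.

# Desired state taken from the page: guest/xguest on, staff/user off.
DESIRED='allow_guest_exec_content on
allow_xguest_exec_content on
allow_staff_exec_content off
allow_user_exec_content off'

# check_exec_content (hypothetical helper name)
#   stdin : lines in getsebool format, "name --> on|off"
#   stdout: one OK / DRIFT / MISSING line per Boolean
#   status: 0 if every Boolean matches the desired state, 1 otherwise
check_exec_content() {
    current=$(cat)
    rc=0
    while read -r name want; do
        # Pick the reported value for this Boolean, if it is present at all.
        have=$(printf '%s\n' "$current" |
            awk -v n="$name" '$1 == n && $2 == "-->" { print $3; exit }')
        if [ -z "$have" ]; then
            echo "MISSING $name (want $want)"
            rc=1
        elif [ "$have" = "$want" ]; then
            echo "OK $name $have"
        else
            echo "DRIFT $name is $have, want $want"
            rc=1
        fi
    done <<EOF
$DESIRED
EOF
    return "$rc"
}

# Constructed sample input (not captured from a real host):
# allow_user_exec_content has drifted to "on".
SAMPLE='allow_guest_exec_content --> on
allow_xguest_exec_content --> on
allow_staff_exec_content --> off
allow_user_exec_content --> on'

printf '%s\n' "$SAMPLE" | check_exec_content || echo "policy drift detected"

# On a live system: getsebool -a | check_exec_content
```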

For more information, see Customizing SELinux Policies.