Blame man/man8/nfs_selinux.8
|
Chris PeBenito |
bf080a |
.TH "nfs_selinux" "8" "17 Jan 2005" "dwalsh@redhat.com" "nfs Selinux Policy documentation"
|
|
Chris PeBenito |
bf080a |
.SH "NAME"
|
|
Chris PeBenito |
bf080a |
nfs_selinux \- Security Enhanced Linux Policy for NFS
|
|
Chris PeBenito |
bf080a |
.SH "DESCRIPTION"
|
|
Chris PeBenito |
bf080a |
|
|
Chris PeBenito |
bf080a |
Security-Enhanced Linux secures the nfs server via flexible mandatory access
|
|
Chris PeBenito |
bf080a |
control.
|
|
Chris PeBenito |
bf080a |
.SH BOOLEANS
|
|
Chris PeBenito |
bf080a |
SELinux policy is customizable based on least access required. So by
|
|
Chris PeBenito |
bf080a |
default SElinux policy does not allow nfs to share files. If you want to
|
|
Chris PeBenito |
bf080a |
setup this machine to share nfs partitions read only, you must set the boolean nfs_export_all_ro boolean.
|
|
Chris PeBenito |
bf080a |
|
|
Chris PeBenito |
bf080a |
.TP
|
|
Chris PeBenito |
bf080a |
setsebool -P nfs_export_all_ro 1
|
|
Chris PeBenito |
bf080a |
.TP
|
|
Chris PeBenito |
bf080a |
If you want to share files read/write you must set the nfs_export_all_rw boolean.
|
|
Chris PeBenito |
bf080a |
.TP
|
|
Chris PeBenito |
bf080a |
setsebool -P nfs_export_all_rw 1
|
|
Chris PeBenito |
bf080a |
|
|
Chris PeBenito |
bf080a |
.TP
|
|
Chris PeBenito |
bf080a |
If you want to use a remote NFS server for the home directories on this machine, you must set the use_nfs_home_dir boolean.
|
|
Chris PeBenito |
bf080a |
.TP
|
|
Chris PeBenito |
bf080a |
setsebool -P use_nfs_home_dirs 1
|
|
Chris PeBenito |
bf080a |
.TP
|
|
Chris PeBenito |
bf080a |
system-config-securitylevel is a GUI tool available to customize SELinux policy settings.
|
|
Chris PeBenito |
bf080a |
.SH AUTHOR
|
|
Chris PeBenito |
bf080a |
This manual page was written by Dan Walsh <dwalsh@redhat.com>.
|
|
Chris PeBenito |
bf080a |
|
|
Chris PeBenito |
bf080a |
.SH "SEE ALSpppO"
|
|
Chris PeBenito |
bf080a |
selinux(8), chcon(1), setsebool(8)
|