nfs_selinux(8)                                  NFS SELinux Policy documentation                                  nfs_selinux(8)



NAME
       nfs_selinux - Security Enhanced Linux Policy for NFS

DESCRIPTION
       Security Enhanced Linux secures the NFS server via flexible mandatory access control.

BOOLEANS
       SELinux policy is customizable based on the least level of access required. SELinux can be configured to not allow NFS to
       share files. If you want to share NFS partitions, and only allow read-only access  to  those  NFS  partitions,  turn  the
       nfs_export_all_ro boolean on:


       setsebool -P nfs_export_all_ro 1

       If you want to share files read/write you must set the nfs_export_all_rw boolean.

       setsebool -P nfs_export_all_rw 1


       These  booleans  are  not  required  when files to be shared are labeled with the public_content_t or public_content_rw_t
       types. NFS can share files labeled with the public_content_t or public_content_rw_t types even if  the  nfs_export_all_ro
       and nfs_export_all_rw booleans are off.


       If you want to use a remote NFS server for the home directories on this machine, you must set the use_nfs_home_dirs bool-
       ean:

       setsebool -P use_nfs_home_dirs 1

       system-config-selinux is a GUI tool available to customize SELinux policy settings.

AUTHOR
       This manual page was written by Dan Walsh <dwalshATredhat.com>.


SEE ALSO
       selinux(8), chcon(1), setsebool(8)



dwalshATredhat.com                                          9 Feb 2009                                             nfs_selinux(8)