Difference between revisions of "Redhat:NFS SELinux"
(Created page with "== NFS SELinux Types == There are only two file types associated with NFS: {| class="wikitable" |- | var_lib_nfs_t || Dynamic files in the /var/lib/nfs directory. These fil...") |
|||
| Line 7: | Line 7: | ||
| var_lib_nfs_t || Dynamic files in the /var/lib/nfs directory. These files are updated as shares are mounted. | | var_lib_nfs_t || Dynamic files in the /var/lib/nfs directory. These files are updated as shares are mounted. | ||
|- | |- | ||
| − | | nfsd_exec_t || System Executable files such as rpm.mountd. There are two closley related types: rpcd_exec_t and gssd_exec_t for the | + | | nfsd_exec_t || System Executable files such as rpm.mountd. There are two closley related types: rpcd_exec_t and gssd_exec_t for the equivalent files used for RPCs and Communications with kerberos |
| + | |- | ||
| + | |} | ||
| + | |||
| + | Generally there is no need to assign these types to NFS directories, so they are only shown for reference. | ||
| + | |||
| + | |||
| + | == NFS SELinux Booleans == | ||
| + | |||
| + | For NFS all global modules are enabled by default. | ||
| + | |||
| + | {| class="wikitable" | ||
| + | |- | ||
| + | | allow_gssd_read_tmp || Supports reading of temp Directories by security services (gssd) | ||
| + | |- | ||
| + | | httpd_use_nfs|| Apache access to nfs | ||
| + | |- | ||
| + | | cd_record_read_content|| cdrecord access to nfs | ||
| + | |- | ||
| + | | allow_ftpd_use_nfs|| ftp access to nfs | ||
| + | |- | ||
| + | | git_system_use_nfs|| git access to nfs | ||
| + | |- | ||
| + | | nfs_export_all_ro || read only access to nfs | ||
| + | |- | ||
| + | | nfs_export_all_rw || read write access to nfs | ||
| + | |- | ||
| + | | use_nfs_home_dirs || enables mounting of home directories | ||
| + | |- | ||
| + | | qemu_use_nfs || quick emulator access to nfs | ||
| + | |- | ||
| + | | allow-nfsd_anon_write || nfs servers modification of files on public file transfer services | ||
| + | |- | ||
| + | | virt_use_nfs || VM access to nfs | ||
| + | |- | ||
| + | | xen_use_nfs || xen VM access to nfs | ||
|- | |- | ||
|} | |} | ||
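Review bot: In the added booleans table, the row allow-nfsd_anon_write uses a hyphen where every other name uses underscores; it should read allow_nfsd_anon_write, and cd_record_read_content should read cdrecord_read_content, so that the names match what getsebool reports. In the changed nfsd_exec_t row, "rpm.mountd" should be rpc.mountd and "closley" should be "closely". The sentence "For NFS all global modules are enabled by default" would also be clearer if it named which booleans it refers to.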
Latest revision as of 12:40, 25 August 2013
NFS SELinux Types
There are only two file types associated with NFS:
| var_lib_nfs_t | Dynamic files in the /var/lib/nfs directory. These files are updated as shares are mounted. |
| nfsd_exec_t | System executable files such as rpc.mountd. There are two closely related types, rpcd_exec_t and gssd_exec_t, for the equivalent files used for RPCs and communications with Kerberos. |
Generally there is no need to assign these types to NFS directories, so they are only shown for reference.
NFS SELinux Booleans
For NFS all global modules are enabled by default.
| allow_gssd_read_tmp | Supports reading of temp directories by security services (gssd) |
| httpd_use_nfs | Apache access to NFS |
| cdrecord_read_content | cdrecord access to NFS |
| allow_ftpd_use_nfs | FTP access to NFS |
| git_system_use_nfs | Git access to NFS |
| nfs_export_all_ro | Read-only access to NFS |
| nfs_export_all_rw | Read-write access to NFS |
| use_nfs_home_dirs | Enables mounting of home directories |
| qemu_use_nfs | QEMU (Quick Emulator) access to NFS |
| allow_nfsd_anon_write | NFS server modification of files on public file transfer services |
| virt_use_nfs | VM access to NFS |
| xen_use_nfs | Xen VM access to NFS |
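Since these booleans widen what confined services may do over NFS, a host should keep on only the ones it uses. The script below is an added example, not part of the original wiki page: it reads `getsebool -a` style output and lists the NFS booleans from the table that are on but not needed. The `NEEDED` list and the sample output are constructed assumptions for illustration.

```shell
#!/bin/sh
# NFS-related booleans from the table above, spelled as getsebool prints them.
NFS_BOOLS="allow_gssd_read_tmp httpd_use_nfs cdrecord_read_content \
allow_ftpd_use_nfs git_system_use_nfs nfs_export_all_ro nfs_export_all_rw \
use_nfs_home_dirs qemu_use_nfs allow_nfsd_anon_write virt_use_nfs xen_use_nfs"

# Assumption: this host is a web server that only serves read-only NFS content.
NEEDED="httpd_use_nfs nfs_export_all_ro"

# Read "name --> on|off" lines on stdin and print every NFS boolean
# that is on but not listed in $NEEDED, one name per line.
nfs_bools_to_disable() {
    awk -v watch="$NFS_BOOLS" -v keep="$NEEDED" '
        BEGIN {
            n = split(watch, w, " "); for (i = 1; i <= n; i++) W[w[i]] = 1
            n = split(keep, k, " ");  for (i = 1; i <= n; i++) K[k[i]] = 1
        }
        # Unrelated booleans and anything switched off are ignored.
        $2 == "-->" && $3 == "on" && ($1 in W) && !($1 in K) { print $1 }
    '
}

# Constructed sample in the format printed by "getsebool -a".
sample_getsebool() {
    cat <<'EOF'
allow_ftpd_use_nfs --> off
allow_nfsd_anon_write --> off
httpd_can_sendmail --> on
httpd_use_nfs --> on
nfs_export_all_ro --> on
nfs_export_all_rw --> on
use_nfs_home_dirs --> on
virt_use_nfs --> off
EOF
}

# Demo on the sample; on a real host use: getsebool -a | nfs_bools_to_disable
sample_getsebool | nfs_bools_to_disable
```

Each name it prints can then be switched off persistently with `setsebool -P <name> off`.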