nfs_selinux(8)         NFS Selinux Policy documentation         nfs_selinux(8)
NAME
       nfs_selinux - Security Enhanced Linux Policy for NFS

DESCRIPTION
       Security  Enhanced  Linux secures the NFS server via flexible mandatory
       access control.

BOOLEANS
       SELinux policy is customizable based  on  the  least  level  of  access
       required. By default, SELinux policy does not allow NFS to share files.
       If you want to share NFS partitions, and only allow read-only access to
       those NFS partitions, turn the nfs_export_all_ro boolean on:

       setsebool -P nfs_export_all_ro 1

       If   you   want   to   share   files   read/write   you  must  set  the
       nfs_export_all_rw boolean.

       setsebool -P nfs_export_all_rw 1

       These  booleans  are  not  required when files to be shared are labeled
       with the public_content_t or public_content_rw_t types. NFS  can  share
       files  labeled  with  the public_content_t or public_content_rw_t types
       even if the nfs_export_all_ro and nfs_export_all_rw booleans are off.

       If you want to use a remote NFS server for the home directories on this
       machine, you must set the use_nfs_home_dirs boolean:

       setsebool -P use_nfs_home_dirs 1

       system-config-securitylevel  is  a  GUI  tool  available  to  customize
       SELinux policy settings.

AUTHOR
       This manual page was written by Dan Walsh <dwalsh@redhat.com>.

SEE ALSO
       selinux(8), chcon(1), setsebool(8)

dwalsh@redhat.com                 9 Feb 2009                    nfs_selinux(8)