NAME

       nfs_selinux - Security Enhanced Linux Policy for NFS

DESCRIPTION

       Security Enhanced Linux secures the NFS server via flexible mandatory access control.

BOOLEANS

       SELinux  policy is customizable based on the least level of access required. SELinux can be configured to
       not allow NFS to share files. If you want to share NFS partitions, and only  allow  read-only  access  to
       those NFS partitions, turn the nfs_export_all_ro boolean on:

       setsebool -P nfs_export_all_ro 1

       If you want to share files read/write you must set the nfs_export_all_rw boolean.

       setsebool -P nfs_export_all_rw 1

       These  booleans  are  not  required  when  files  to  be  shared are labeled with the public_content_t or
       public_content_rw_t types. NFS can share files labeled with the public_content_t  or  public_content_rw_t
       types even if the nfs_export_all_ro and nfs_export_all_rw booleans are off.

       If  you  want  to  use  a  remote  NFS  server for the home directories on this machine, you must set the
       use_nfs_home_dirs boolean:

       setsebool -P use_nfs_home_dirs 1

       system-config-selinux is a GUI tool available to customize SELinux policy settings.

AUTHOR

       This manual page was written by Dan Walsh <dwalsh@redhat.com>.

SEE ALSO

       selinux(8), chcon(1), setsebool(8)