Provided by: selinux-policy-doc_2.20210203-10_all bug

NAME

       nfs_selinux - Security Enhanced Linux Policy for NFS

DESCRIPTION

       Security Enhanced Linux secures the NFS server via flexible mandatory access control.

BOOLEANS

       SELinux policy is customizable based on the least level of access required. SELinux can be
       configured to not allow NFS to share files. If you want to share NFS partitions, and  only
       allow read-only access to those NFS partitions, turn the nfs_export_all_ro boolean on:

       setsebool -P nfs_export_all_ro 1

       If you want to share files read/write you must set the nfs_export_all_rw boolean.

       setsebool -P nfs_export_all_rw 1

       These   booleans  are  not  required  when  files  to  be  shared  are  labeled  with  the
       public_content_t or public_content_rw_t types.  NFS  can  share  files  labeled  with  the
       public_content_t   or   public_content_rw_t   types  even  if  the  nfs_export_all_ro  and
       nfs_export_all_rw booleans are off.

       If you want to use a remote NFS server for the home directories on this machine, you  must
       set the use_nfs_home_dirs boolean:

       setsebool -P use_nfs_home_dirs 1

       system-config-selinux is a GUI tool available to customize SELinux policy settings.

AUTHOR

       This manual page was written by Dan Walsh <dwalsh@redhat.com>.

SEE ALSO

       selinux(8), chcon(1), setsebool(8)