A while back I needed virtmanager to access an ISO file which resides on an NFS mount. So, I enabled virt_use_nfs.
Today I was doing some research to help someone else and I noticed that "semanage boolean -l" shows.
virt_use_nfs (on , on) Allow virt to use nfs
According to the header of the output the first "on" is the state while the second is default. Since I had to enable it I would have thought I would see
virt_use_nfs (on , off) Allow virt to use nfs
Am I missing something?
On 03/13/2018 02:45 PM, Ed Greshko wrote:
A while back I needed virtmanager to access an ISO file which resides on an NFS mount. So, I enabled virt_use_nfs.
Today I was doing some research to help someone else and I noticed that "semanage boolean -l" shows.
virt_use_nfs (on , on) Allow virt to use nfs
According to the header of the output the first "on" is the state while the second is default. Since I had to enable it I would have thought I would see
virt_use_nfs (on , off) Allow virt to use nfs
Am I missing something?
Hi Ed,
It's because "semanage boolean -m " will modify actual state and also default value which is important for reboot.
Next tool for changing values of boolean is "setsebool" if you use:
# setsebool virt_use_nfs=1 ; this will turn on mentioned boolean but it will be off after reboot.
# setsebool -P virt_use_nfs=1 ; will turn on mentioned boolean and it will be persistent, it stay on after reboot.
So:
If you use: semanage boolean -m --on virt_use_nfs is same as setsebool -P virt_use_nfs=1 and result will be:
virt_use_nfs (on , on) Allow virt to use nfs
If you use setsebool virt_use_nfs=1 result will be:
virt_use_nfs (on , off) Allow virt to use nfs
I hope it's clear now.
Lukas.
selinux mailing list -- selinux@lists.fedoraproject.org To unsubscribe send an email to selinux-leave@lists.fedoraproject.org --
Lukas Vrabec Software Engineer, Security Technologies Red Hat, Inc.
On 03/13/18 23:14, Lukas Vrabec wrote:
On 03/13/2018 02:45 PM, Ed Greshko wrote:
A while back I needed virtmanager to access an ISO file which resides on an NFS mount. So, I enabled virt_use_nfs.
Today I was doing some research to help someone else and I noticed that "semanage boolean -l" shows.
virt_use_nfs (on , on) Allow virt to use nfs
According to the header of the output the first "on" is the state while the second is default. Since I had to enable it I would have thought I would see
virt_use_nfs (on , off) Allow virt to use nfs
Am I missing something?
Hi Ed,
It's because "semanage boolean -m " will modify actual state and also default value which is important for reboot.
Next tool for changing values of boolean is "setsebool" if you use:
# setsebool virt_use_nfs=1 ; this will turn on mentioned boolean but it will be off after reboot.
# setsebool -P virt_use_nfs=1 ; will turn on mentioned boolean and it will be persistent, it stay on after reboot.
So:
If you use: semanage boolean -m --on virt_use_nfs is same as setsebool -P virt_use_nfs=1 and result will be:
virt_use_nfs (on , on) Allow virt to use nfs
If you use setsebool virt_use_nfs=1 result will be:
virt_use_nfs (on , off) Allow virt to use nfs
I hope it's clear now.
Yes, that clears it up nicely.
Thanks.
Ed
selinux@lists.fedoraproject.org
-
Ed Greshko -
Lukas Vrabec