On 03/13/2018 02:45 PM, Ed Greshko wrote: > A while back I needed virtmanager to access an ISO file which resides on an NFS > mount. So, I enabled virt_use_nfs. > > Today I was doing some research to help someone else and I noticed that "semanage > boolean -l" shows. > > virt_use_nfs (on , on) Allow virt to use nfs > > According to the header of the output the first "on" is the state while the second is > default. Since I had to enable it I would have thought I would see > > virt_use_nfs (on , off) Allow virt to use nfs > > Am I missing something? > Hi Ed, It's because "semanage boolean -m " will modify actual state and also default value which is important for reboot. Next tool for changing values of boolean is "setsebool" if you use: # setsebool virt_use_nfs=1 ; this will turn on mentioned boolean but it will be off after reboot. # setsebool -P virt_use_nfs=1 ; will turn on mentioned boolean and it will be persistent, it stay on after reboot. So: If you use: semanage boolean -m --on virt_use_nfs is same as setsebool -P virt_use_nfs=1 and result will be: virt_use_nfs (on , on) Allow virt to use nfs If you use setsebool virt_use_nfs=1 result will be: virt_use_nfs (on , off) Allow virt to use nfs I hope it's clear now. Lukas. > > > _______________________________________________ > selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx > To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx > -- Lukas Vrabec Software Engineer, Security Technologies Red Hat, Inc.
Attachment:
0x633F6955.asc
Description: application/pgp-keys
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx
