On 03/13/18 23:14, Lukas Vrabec wrote: > On 03/13/2018 02:45 PM, Ed Greshko wrote: >> A while back I needed virtmanager to access an ISO file which resides on an NFS >> mount. So, I enabled virt_use_nfs. >> >> Today I was doing some research to help someone else and I noticed that "semanage >> boolean -l" shows. >> >> virt_use_nfs (on , on) Allow virt to use nfs >> >> According to the header of the output the first "on" is the state while the second is >> default. Since I had to enable it I would have thought I would see >> >> virt_use_nfs (on , off) Allow virt to use nfs >> >> Am I missing something? >> > Hi Ed, > > It's because "semanage boolean -m " will modify actual state and also > default value which is important for reboot. > > Next tool for changing values of boolean is "setsebool" if you use: > > # setsebool virt_use_nfs=1 ; this will turn on mentioned boolean but it > will be off after reboot. > > # setsebool -P virt_use_nfs=1 ; will turn on mentioned boolean and it > will be persistent, it stay on after reboot. > > So: > > If you use: semanage boolean -m --on virt_use_nfs is same as setsebool > -P virt_use_nfs=1 and result will be: > > virt_use_nfs (on , on) Allow virt to use nfs > > If you use setsebool virt_use_nfs=1 result will be: > > virt_use_nfs (on , off) Allow virt to use nfs > > > I hope it's clear now. Yes, that clears it up nicely. Thanks. Ed -- Conjecture is just a conclusion based on incomplete information. It isn't a fact.
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx
