Red Hat Training
A Red Hat training course is available for Red Hat Enterprise Linux
5.3. Booleans
SELinux is based on the least level of access required for a service to run. Services can be run in a variety of ways; therefore, you need to specify how you run your services. Use the following Booleans to set up SELinux:
allow_ftpd_use_nfs- When enabled, this Boolean allows the
ftpddaemon to access NFS volumes. cobbler_use_nfs- When enabled, this Boolean allows the
cobblerddaemon to access NFS volumes. git_system_use_nfs- When enabled, this Boolean allows the Git system daemon to read system shared repositories on NFS volumes.
httpd_use_nfs- When enabled, this Boolean allows the
httpddaemon to access files stored on NFS volumes. qemu_use_nfs- When enabled, this Boolean allows Qemu to use NFS volumes.
rsync_use_nfs- When enabled, this Boolean allows
rsyncservers to share NFS volumes. samba_share_nfs- When enabled, this Boolean allows the
smbddaemon to share NFS volumes. When disabled, this Boolean preventssmbdfrom having full access to NFS shares via Samba. sanlock_use_nfs- When enabled, this Boolean allows the
sanlockdaemon to manage NFS volumes. sge_use_nfs- When enabled, this Boolean allows the
sgescheduler to access NFS volumes. use_nfs_home_dirs- When enabled, this Boolean adds support for NFS home directories.
virt_use_nfs- When enabled, this Boolean allows confident virtual guests to manage files on NFS volumes.
xen_use_nfs- When enabled, this Boolean allows
Xento manage files on NFS volumes. git_cgi_use_nfs- When enabled, this Boolean allows the Git Common Gateway Interface (CGI) to access NFS volumes.
tftp_use_nfs- When enabled, this Boolean allows The Trivial File Transfer Protocol (TFTP) to read from NFS volumes for public file transfer services.
Note
Due to the continuous development of the SELinux policy, the list above might not contain all Booleans related to the service at all times. To list them, run the following command as root:
~]# semanage boolean -l | grep service_name