SELinux default modification

Support for security such as Firewalls and securing linux

Post by SecureFun » 2022/08/23 14:30:44

I installed the latest CentOS 9 (server with Hyper-V guest tools). After installing, I enabled Cockpit and see these SELinux modifications on my system:
1. Allow virt to sandbox use all caps
2. Allow virt to use nfs

What is this? Why are these SELinux rules for NFS and sandbox default rules?

Details:
- name: Allow virt to sandbox use all caps
  command: semanage boolean -m --on virt_sandbox_use_all_caps

- name: Allow virt to use nfs
  command: semanage boolean -m --on virt_use_nfs

And my default script:
semanage import <<EOF
boolean -D
login -D
interface -D
user -D
port -D
node -D
fcontext -D
module -D
ibendport -D
ibpkey -D
permissive -D
boolean -m -1 virt_sandbox_use_all_caps
boolean -m -1 virt_use_nfs
EOF
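
Added example, not part of the original post: a small shell parser for the `semanage import` script quoted above. It separates the `-D` lines, which only clear local customizations for a record type, from the lines that actually change a setting. The function names are hypothetical and the sample input is copied from the post.

```shell
#!/bin/sh
# Sample input: the semanage import script quoted in the post.
sample_export() {
cat <<'EOF'
boolean -D
login -D
interface -D
user -D
port -D
node -D
fcontext -D
module -D
ibendport -D
ibpkey -D
permissive -D
boolean -m -1 virt_sandbox_use_all_caps
boolean -m -1 virt_use_nfs
EOF
}

# Print "name=on|off" for every boolean modification read from stdin.
# semanage accepts -1/--on and -0/--off; the boolean name is the last field.
list_boolean_changes() {
    awk '
        $1 == "boolean" && $2 == "-m" {
            state = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-1" || $i == "--on")  state = "on"
                if ($i == "-0" || $i == "--off") state = "off"
            }
            if (state != "") print $NF "=" state
        }'
}

# Count the record types that the script resets with -D (--deleteall).
count_resets() {
    awk 'NF == 2 && $2 == "-D" { n++ } END { print n + 0 }'
}

# Print any line that is neither a reset nor a boolean modification,
# i.e. other local customizations (ports, file contexts, modules, ...).
other_changes() {
    awk 'NF && !(NF == 2 && $2 == "-D") && !($1 == "boolean" && $2 == "-m")'
}

echo "record types reset: $(sample_export | count_resets)"
echo "boolean changes:"; sample_export | list_boolean_changes
echo "other changes:";   sample_export | other_changes
```

On a live system the same functions can read the output of `semanage export` instead of the embedded sample.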