SELinux default modification
Posted: 2022/08/23 14:30:44
I installed the latest CentOS 9 (server with Hyper-V guest tools). After installing, I enabled Cockpit and saw these SELinux modifications on my system:
1. Allow virt to sandbox use all caps
2. Allow virt to use nfs
What is this? Why are these SELinux rules for NFS and sandbox default rules?
Details:
- name: Allow virt to sandbox use all caps
  command: semanage boolean -m --on virt_sandbox_use_all_caps
- name: Allow virt to use nfs
  command: semanage boolean -m --on virt_use_nfs
And my default script:
semanage import <<EOF
boolean -D
login -D
interface -D
user -D
port -D
node -D
fcontext -D
module -D
ibendport -D
ibpkey -D
permissive -D
boolean -m -1 virt_sandbox_use_all_caps
boolean -m -1 virt_use_nfs
EOF