Description of problem: The nfs_selinux(8) manual page states "So by default SElinux policy does not allow nfs to share files", but the nfs_export_all_ro and nfs_export_all_rw Booleans are on by default, allowing NFS to share files. Version-Release number of selected component (if applicable): selinux-policy-3.5.13-41.fc10.noarch selinux-policy-targeted-3.5.13-41.fc10.noarch Actual results: $ getsebool nfs_export_all_ro nfs_export_all_rw nfs_export_all_ro --> on nfs_export_all_rw --> on Expected results: nfs_export_all_ro and nfs_export_all_rw off by default, or man page updated. Additional info: I checked on two Fedora 10 machines - both had these booleans on by default. On another Fedora 10 machine: * yum remove selinux-policy selinux-policy-targeted * rm /etc/selinux/ -rf * rebooted * yum installed selinux-policy selinux-policy-targeted * reboot and relabel Booleans were both on. I could not find local changes in "/etc/selinux/targeted/modules/active/" that would turn these on.
I think the man page should change to no mention the default. Since this can differ depending on the policy type. mls -- Off Targeted -- on
Fixed wording in selinux-policy-3.6.12-4.fc11.noarch