1 .TH lctl-nodemap-set-sepol 8 "2019 Jan 21" Lustre "configuration utilities"
3 lctl-nodemap-set-sepol \- Set SELinux policy info on a nodemap.
7 .B lctl nodemap_set_sepol --name
14 adds SELinux policy info as described by
20 string describing the SELinux policy has the following syntax:
22 <mode>:<name>:<version>:<hash>
26 - <mode> is a digit telling if SELinux is in Permissive mode (0) or Enforcing
29 - <name> is the name of the SELinux policy
31 - <version> is the version of the SELinux policy
33 - <hash> is the computed hash of the binary representation of the policy, as
34 exported in /etc/selinux/<name>/policy/policy.<version>
39 string can be obtained on a client node known to enforce the right SELinux policy,
40 by calling the l_getsepol command line utility.
44 must enforce the SELinux policy described by
46 otherwise they are denied access to the Lustre file system.
50 is the name of the nodemap that this SELinux policy info should be associated
54 is the string describing the SELinux policy that clients must enforce. It has
55 to conform to the syntax described above.
59 # lctl nodemap_set_sepol --name restricted --sepol '1:mls:31:40afb76d077c441b69af58cccaaa2ca63641ed6e21b0a887dc21a684f508b78f'
60 # lctl nodemap_set_sepol --name admins --sepol ''
70 .BR lctl-nodemap-activate (8),
71 .BR lctl-nodemap-add (8),
72 .BR lctl-nodemap-del (8),
73 .BR lctl-nodemap-del-range (8),
74 .BR lctl-nodemap-add-idmap (8),
75 .BR lctl-nodemap-del-idmap (8),
76 .BR lctl-nodemap-modify (8)