1 .TH LCTL-NODEMAP_SET_SEPOL 8 "2019-01-21" Lustre "configuration utilities"
3 lctl-nodemap_set_sepol \- set SELinux policy info on a nodemap
6 .B lctl nodemap_set_sepol --name
13 adds SELinux policy info as described by
19 string describing the SELinux policy has the following syntax:
21 <mode>:<name>:<version>:<hash>
25 - <mode> is a digit telling if SELinux is in Permissive mode (0) or Enforcing
28 - <name> is the name of the SELinux policy
30 - <version> is the version of the SELinux policy
32 - <hash> is the computed hash of the binary representation of the policy, as
33 exported in /etc/selinux/<name>/policy/policy.<version>
38 string can be obtained on a client node known to enforce the right SELinux policy,
39 by calling the l_getsepol command line utility.
43 must enforce the SELinux policy described by
45 otherwise they are denied access to the Lustre file system.
49 is the name of the nodemap that this SELinux policy info should be associated
53 is the string describing the SELinux policy that clients must enforce. It has
54 to conform to the syntax described above.
58 # lctl nodemap_set_sepol --name restricted --sepol '1:mls:31:40afb76d077c441b69af58cccaaa2ca63641ed6e21b0a887dc21a684f508b78f'
59 # lctl nodemap_set_sepol --name admins --sepol ''
69 .BR lctl-nodemap-activate (8),
70 .BR lctl-nodemap-add (8),
71 .BR lctl-nodemap-del (8),
72 .BR lctl-nodemap-del-range (8),
73 .BR lctl-nodemap-add-idmap (8),
74 .BR lctl-nodemap-del-idmap (8),
75 .BR lctl-nodemap-modify (8)