Update to 2021-08-30 18:00

3 years ago · 220e18a83a
parent edfd77fa31
commit 220e18a83a
2 changed files with 26 additions and 1 deletions
--- a/roles/samba/files/samba-dc.te
+++ b/roles/samba/files/samba-dc.te
@ -0,0 +1,11 @@
+module samba-dc 1.0;
+
+require {
+        type ntpd_var_run_t;
+        type chronyd_t;
+        class sock_file write;
+}
+
+#============= chronyd_t ==============
+allow chronyd_t ntpd_var_run_t:sock_file write;
+
--- a/roles/samba/tasks/selinux.yml
+++ b/roles/samba/tasks/selinux.yml
@ -11,7 +11,7 @@

 - name: Restore SELinux context
  command: restorecon -R /var/lib/samba/
-  when: samba_ntp_selinux.changed
+  when: samba_ntp_selinux is defined and samba_ntp_selinux.changed
  tags: samba

 - name: Set SEbool
@ -20,3 +20,17 @@
  with_items:
    - samba_domain_controller
  tags: samba
+
+- name: Copy custom policy
+  copy: src=samba-dc.te dest=/etc/selinux/targeted/local/
+  register: samba_dc_selinux
+  tags: samba
+
+- name: Compile and load SELinux policy
+  shell: |
+    cd /etc/selinux/targeted/local/
+    checkmodule -M -m -o samba-dc.mod samba-dc.te
+    semodule_package -o samba-dc.pp -m samba-dc.mod
+    semodule -i /etc/selinux/targeted/local/samba-dc.pp
+  when: samba_dc_selinux is defined and samba_dc_selinux.changed
+  tags: samba