---

- name: Set correct SELinux context on the ntp_signd socket dir
  sefcontext:
    target: "/var/lib/samba/ntp_signd(/.*)?"
    setype: ntpd_var_run_t
    state: present
  when: samba_role == 'dc' or samba_role == 'rodc'
  register: samba_ntp_selinux
  tags: samba

- name: Restore SELinux context
  command: restorecon -R /var/lib/samba/
  when: samba_ntp_selinux.changed
  tags: samba

- name: Set SEbool
  seboolean: name={{ item }} state=True persistent=True
  when: samba_role == 'dc' or samba_role == 'rodc'
  with_items:
    - samba_domain_controller
  tags: samba