You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
36 lines
1.0 KiB
36 lines
1.0 KiB
---
|
|
|
|
- name: Set correct SELinux context on the ntp_signd socket dir
|
|
sefcontext:
|
|
target: "/var/lib/samba/ntp_signd(/.*)?"
|
|
setype: ntpd_var_run_t
|
|
state: present
|
|
when: samba_role == 'dc' or samba_role == 'rodc'
|
|
register: samba_ntp_selinux
|
|
tags: samba
|
|
|
|
- name: Restore SELinux context
|
|
command: restorecon -R /var/lib/samba/
|
|
when: samba_ntp_selinux is defined and samba_ntp_selinux.changed
|
|
tags: samba
|
|
|
|
- name: Set SEbool
|
|
seboolean: name={{ item }} state=True persistent=True
|
|
when: samba_role == 'dc' or samba_role == 'rodc'
|
|
with_items:
|
|
- samba_domain_controller
|
|
tags: samba
|
|
|
|
- name: Copy custom policy
|
|
copy: src=samba-dc.te dest=/etc/selinux/targeted/local/
|
|
register: samba_dc_selinux
|
|
tags: samba
|
|
|
|
- name: Compile and load SELinux policy
|
|
shell: |
|
|
cd /etc/selinux/targeted/local/
|
|
checkmodule -M -m -o samba-dc.mod samba-dc.te
|
|
semodule_package -o samba-dc.pp -m samba-dc.mod
|
|
semodule -i /etc/selinux/targeted/local/samba-dc.pp
|
|
when: samba_dc_selinux is defined and samba_dc_selinux.changed
|
|
tags: samba
|
|
|