roles/samba-dc: Additional BIND SELinux contexts
The `/var/lib/samba/bind-dns` directory contains files that are hard-linked to files in the `/var/lib/samba/private` directory. All paths for a file must have the same context, or `restorecon` will effectively "toggle" the labels each time it is run.
This commit is contained in:
@@ -1,10 +1,16 @@
|
||||
samba_selinux_contexts:
|
||||
- path: /var/lib/samba/bind-dns/dns.keytab
|
||||
setype: named_conf_t
|
||||
- path: /var/lib/samba/private/dns.keytab
|
||||
setype: named_conf_t
|
||||
- path: /var/lib/samba/bind-dns/named.conf.*
|
||||
setype: named_conf_t
|
||||
- path: /var/lib/samba/bind-dns/dns(/.*)?
|
||||
setype: named_var_run_t
|
||||
- path: /var/lib/samba/private/sam.ldb.d/metadata.tdb
|
||||
setype: named_var_run_t
|
||||
- path: /var/lib/samba/private/sam.ldb.d/.*DNSZONES.*\.ldb
|
||||
setype: named_var_run_t
|
||||
samba_firewall:
|
||||
- dns
|
||||
- kerberos
|
||||
|
||||
Reference in New Issue
Block a user