infra/dch-selinux
1
0
Fork 0
Code Packages Activity
7 Commits 1 Branch 0 Tags
main
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Dustin C. Hatch 4261677265
All checks were successful
infra/dch-selinux/pipeline/head This commit looks good
Details
ci: prepare: Fix Unknown argument error on dnf5 
dnf5 does not recognize the `--` argument to mean "end of arguments"
like DNF 4 did.  To terminate the argument list, we need to use the "and
nothing" shell syntax.
2025-10-22 21:35:43 -05:00
ci
ci: prepare: Fix Unknown argument error on dnf5
2025-10-22 21:35:43 -05:00
.gitignore
Add RPM spec
2023-10-26 09:24:10 -05:00
dch-samba.fc
Initial commit
2021-08-26 21:18:41 -05:00
dch-samba.if
Initial commit
2021-08-26 21:18:41 -05:00
dch-samba.te
Initial commit
2021-08-26 21:18:41 -05:00
dch-selinux.spec
Add RPM spec
2023-10-26 09:24:10 -05:00
Makefile
meta: Publish to Gitea
2023-10-26 09:27:04 -05:00
README.md
Initial commit
2021-08-26 21:18:41 -05:00

README.md

Dustin's SELinux Policy Modules

This is a collection of SELinux policy modules that fix or augment the default SELinux policy for Fedora/RHEL.

dch-samba

The SELinux reference policy does not have rules for the Samba Active Directory Domain Controller ("samba4"). On Fedora/RHEL, /usr/bin/samba runs in unconfined_service_t. This is fine for the DC functionality itself, but breaks winbindd. The refpolicy does have rules for winbind, but they expect it to run in its own domain, winbind_t. Since winbindd is started by samba when running on a DC, it runs in unconfined_service_t as well.

The dch-samba policy module adds a couple of rules to allow samba to launch winbindd in the correct domain, and fixes up a few other AVC denials that come from doing this.

Description
SELinux policy modules
Readme 46 KiB
Languages
Makefile 61.3%
Shell 38.7%