infra/dch-selinux
1
0
Fork 0
Code Packages Activity
5 Commits 1 Branch 0 Tags
5a0e5de56a2ac72d92b32706161536a2358d3997
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Dustin C. Hatch 5a0e5de56a
All checks were successful
infra/dch-selinux/pipeline/head This commit looks good
Details
ci: Build/sign RPMs for multiple Fedora versions 
* Use `matrix` to generate pipelines for multiple Fedora versions
* Sign RPM packages using the Jenkins GPG key
* Publish RPM files to *dch* repository on *files.pyrocufflink.blue*
  instead of Gitea (the latter cannot handle multiple releases of the
  same package)
2024-06-03 09:52:43 -05:00
ci
ci: Build/sign RPMs for multiple Fedora versions
2024-06-03 09:52:43 -05:00
.gitignore
Add RPM spec
2023-10-26 09:24:10 -05:00
dch-samba.fc
Initial commit
2021-08-26 21:18:41 -05:00
dch-samba.if
Initial commit
2021-08-26 21:18:41 -05:00
dch-samba.te
Initial commit
2021-08-26 21:18:41 -05:00
dch-selinux.spec
Add RPM spec
2023-10-26 09:24:10 -05:00
Makefile
meta: Publish to Gitea
2023-10-26 09:27:04 -05:00
README.md
Initial commit
2021-08-26 21:18:41 -05:00

README.md

Dustin's SELinux Policy Modules

This is a collection of SELinux policy modules that fix or augment the default SELinux policy for Fedora/RHEL.

dch-samba

The SELinux reference policy does not have rules for the Samba Active Directory Domain Controller ("samba4"). On Fedora/RHEL, /usr/bin/samba runs in unconfined_service_t. This is fine for the DC functionality itself, but breaks winbindd. The refpolicy does have rules for winbind, but they expect it to run in its own domain, winbind_t. Since winbindd is started by samba when running on a DC, it runs in unconfined_service_t as well.

The dch-samba policy module adds a couple of rules to allow samba to launch winbindd in the correct domain, and fixes up a few other AVC denials that come from doing this.

Description
SELinux policy modules
Readme 46 KiB
Languages
Makefile 61.3%
Shell 38.7%