infra/dch-selinux
1
0
Fork 0
Code Packages Activity
1 Commit 1 Branch 0 Tags
94ee6e6f6113e19b7ba8b5bf069d6b0dde53df97
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Dustin C. Hatch 94ee6e6f61 Initial commit
2021-08-26 21:18:41 -05:00
.gitignore
Initial commit
2021-08-26 21:18:41 -05:00
dch-samba.fc
Initial commit
2021-08-26 21:18:41 -05:00
dch-samba.if
Initial commit
2021-08-26 21:18:41 -05:00
dch-samba.te
Initial commit
2021-08-26 21:18:41 -05:00
Makefile
Initial commit
2021-08-26 21:18:41 -05:00
README.md
Initial commit
2021-08-26 21:18:41 -05:00

README.md

Dustin's SELinux Policy Modules

This is a collection of SELinux policy modules that fix or augment the default SELinux policy for Fedora/RHEL.

dch-samba

The SELinux reference policy does not have rules for the Samba Active Directory Domain Controller ("samba4"). On Fedora/RHEL, /usr/bin/samba runs in unconfined_service_t. This is fine for the DC functionality itself, but breaks winbindd. The refpolicy does have rules for winbind, but they expect it to run in its own domain, winbind_t. Since winbindd is started by samba when running on a DC, it runs in unconfined_service_t as well.

The dch-samba policy module adds a couple of rules to allow samba to launch winbindd in the correct domain, and fixes up a few other AVC denials that come from doing this.

Description
SELinux policy modules
Readme 46 KiB
Languages
Makefile 61.3%
Shell 38.7%