[Samba] selinux whac-a-mole - samba/ctdb/winbindd/....
Robert Marcano
robert at marcanoonline.com
Mon Mar 29 16:32:24 UTC 2021
On 3/29/21 11:55 AM, Robert Buck via samba wrote:
> So I'm starting to feel like we're playing SELinux whac-a-mole with
> Samba/CTDB/Winbind/....
>
> Is there a complete package out there including all of the security rules
> for Samba so that I don't have to keep on finding more issues in
> production? I'm looking for a .te file with all the settings one could
> possibly want.
The default distro policy should be enough, It should be based on the
reference policy [1]
But these reference policy is customized for Samba built for /usr prefix
and /var for data, not for any locally built Samba installed on another
directories.
You can build it on the expected directories for the reference policy or
you would need to customize it otherwise.
[1]
https://github.com/SELinuxProject/refpolicy/blob/master/policy/modules/services/samba.te
>
> We don't want to disable SELinux, clearly.
>
> Thanks in advance
>
> Bob
>
More information about the samba
mailing list