[Samba] selinux whac-a-mole - samba/ctdb/winbindd/....
robert at marcanoonline.com
Mon Mar 29 16:32:24 UTC 2021
On 3/29/21 11:55 AM, Robert Buck via samba wrote:
> So I'm starting to feel like we're playing SELinux whac-a-mole with
> Is there a complete package out there including all of the security rules
> for Samba so that I don't have to keep on finding more issues in
> production? I'm looking for a .te file with all the settings one could
> possibly want.
The default distro policy should be enough, It should be based on the
reference policy 
But these reference policy is customized for Samba built for /usr prefix
and /var for data, not for any locally built Samba installed on another
You can build it on the expected directories for the reference policy or
you would need to customize it otherwise.
> We don't want to disable SELinux, clearly.
> Thanks in advance
More information about the samba