[Samba] selinux whac-a-mole - samba/ctdb/winbindd/....

Robert Marcano robert at marcanoonline.com
Mon Mar 29 16:32:24 UTC 2021

On 3/29/21 11:55 AM, Robert Buck via samba wrote:
> So I'm starting to feel like we're playing SELinux whac-a-mole with
> Samba/CTDB/Winbind/....
> Is there a complete package out there including all of the security rules
> for Samba so that I don't have to keep on finding more issues in
> production? I'm looking for a .te file with all the settings one could
> possibly want.

The default distro policy should be enough, It should be based on the 
reference policy [1]

But these reference policy is customized for Samba built for /usr prefix 
and /var for data, not for any locally built Samba installed on another 

You can build it on the expected directories for the reference policy or 
you would need to customize it otherwise.


> We don't want to disable SELinux, clearly.
> Thanks in advance
> Bob

More information about the samba mailing list