r/samba-dc: Remove winbindd restorecon workaround

This work-around is no longer necessary as the default Fedora policy now
covers the Samba DC daemon.  It never really worked correctly, anyway,
because Samba doesn't start `winbindd` fast enough for the
`/run/samba/winbindd` directory to be created before systemd spawns the
`restorecon` process, so it would usually fail to start the service the
first time after a reboot.

roles/samba-dc/files/relabel-winbindd.conf

@@ -1,12 +0,0 @@
-# Fedora does not yet have a SELinux policy for the Samba AD DC process,
-# so it runs as unconfined_service_t. This causes all of its child
-# processes to run there as well, which prevents they create from being
-# labelled correctly. This is particularly problematic for winbindd, as
-# several outside processes need to communicate with it for identity
-# mapping, etc., so its socket absolutely must have the right label.
-#
-# To work around this problem, restorecon is run after samba starts up
-# to set the correct label on the winbindd socket directory.
-
-[Service]
-ExecStartPost=/usr/sbin/restorecon -RFv /run/samba/winbindd

roles/samba-dc/tasks/main.yml

@@ -74,14 +74,6 @@
     path=/etc/systemd/system/samba.service.d
     mode=0755
     state=directory
-- name: ensure samba4/winbind selinux work-around is in place
-  copy:
-    src=relabel-winbindd.conf
-    dest=/etc/systemd/system/samba.service.d/relabel-winbindd.conf
-    mode=0644
-  notify:
-  - reload systemd
-  - restart samba
 
 - name: ensure samba starts at boot
   service: