From 94154a9f2b58689f6c859afd947c4c16e7167133 Mon Sep 17 00:00:00 2001
From: "Dustin C. Hatch" <dustin@hatch.name>
Date: Sun, 18 Feb 2018 10:06:20 -0600
Subject: [PATCH] roles/samba-dc: Correct restorecon path

Evidently, some files in `/var/lib/samba` match multiple file context
rules. Thus, when running `restorecon` against the entire
`/var/lib/samba` directory, files in the `bind-dns` subdirectory may end
up with the wrong label. To work around this issue, `restorecon` is now
run only on that subdirectory to ensure the correct labels are applied.

This is likely to cause problems when a full filesystem relabel is
scheduled.
---
 roles/samba-dc/handlers/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/samba-dc/handlers/main.yml b/roles/samba-dc/handlers/main.yml
index a3fbb71..392c4a3 100644
--- a/roles/samba-dc/handlers/main.yml
+++ b/roles/samba-dc/handlers/main.yml
@@ -1,5 +1,5 @@
 - name: restore samba file contexts
-  command: restorecon -RF /var/lib/samba
+  command: restorecon -RF /var/lib/samba/bind-dns
 - name: display generated admin password
   debug:
     var=samba_dc_provision.admin_password