13 lines
627 B
Plaintext
13 lines
627 B
Plaintext
# Fedora does not yet have a SELinux policy for the Samba AD DC process,
|
|
# so it runs as unconfined_service_t. This causes all of its child
|
|
# processes to run there as well, which prevents they create from being
|
|
# labelled correctly. This is particularly problematic for winbindd, as
|
|
# several outside processes need to communicate with it for identity
|
|
# mapping, etc., so its socket absolutely must have the right label.
|
|
#
|
|
# To work around this problem, restorecon is run after samba starts up
|
|
# to set the correct label on the winbindd socket directory.
|
|
|
|
[Service]
|
|
ExecStartPost=/usr/sbin/restorecon -RFv /run/samba/winbindd
|