From 23f39f1115da670406009218a8863f75c248c3dc Mon Sep 17 00:00:00 2001
From: Daniel Berteaud <dbd@ehtrace.com>
Date: Tue, 20 May 2025 16:00:15 +0200
Subject: [PATCH] Update to 2025-05-20 16:00

---
 roles/samba/files/samba-dc.te | 5 ++++-
 roles/samba/tasks/selinux.yml | 1 +
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/roles/samba/files/samba-dc.te b/roles/samba/files/samba-dc.te
index fe1fa57..b098f40 100644
--- a/roles/samba/files/samba-dc.te
+++ b/roles/samba/files/samba-dc.te
@@ -1,11 +1,14 @@
-module samba-dc 1.0;
+module samba-dc 1.1;
 
 require {
         type ntpd_var_run_t;
+        type unconfined_service_t;
         type chronyd_t;
         class sock_file write;
+        class unix_stream_socket connectto;
 }
 
 #============= chronyd_t ==============
 allow chronyd_t ntpd_var_run_t:sock_file write;
+allow chronyd_t unconfined_service_t:unix_stream_socket connectto;
 
diff --git a/roles/samba/tasks/selinux.yml b/roles/samba/tasks/selinux.yml
index d7bce6c..d00e63c 100644
--- a/roles/samba/tasks/selinux.yml
+++ b/roles/samba/tasks/selinux.yml
@@ -19,6 +19,7 @@
   when: samba_role == 'dc' or samba_role == 'rodc'
   with_items:
     - samba_domain_controller
+    - rsync_sys_admin
   tags: samba
 
 - name: Copy custom policy