My Samba4 service is being blocked from starting using systemctl. The audit log shows:
type=AVC msg=audit(1606428851.446:87): avc: denied { execute } for pid=1748 comm="(samba)"
name="samba" dev="dm-0" ino=1462831 scontext=system_u:system_r:init_t:s0
tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
Setting Selinux policy to "permissive" solves the problem .... but it's not a full time solution.
Samba was built locally. It's not a repo package. So as I understand I have to manually enable it's executable path in Selinux. But how can I do it?
Service definition file looks like:
[Unit]
Description=Samba Active Directory Domain Controller
After=network.target remote-fs.target nss-lookup.target
[Service]
Type=forking
ExecStart=/usr/local/samba/sbin/samba -D
PIDFile=/usr/local/samba/var/run/samba.pid
ExecReload=/bin/kill -HUP $MAINPID
[Install]
WantedBy=multi-user.target