No the only potential problem with this would be is if you setup Confined Users to be provided by something like IPA, and sssd was not able to contact the IPA server after a reboot. Then potentially a user would be allowed to login with a different user domain. IE It will fallback to the __default__ user. On 03/31/2014 06:08 PM, Andy Ruch wrote: > Hello, > > I'm implementing SSSD on my RHEL 6.5 system with a read-only root filesystem. SSSD attempts to write a file to /etc/selinux/<policy>/logins that maps the linux user to an selinux user. However, this causes problems since /etc is read-only. I've played with mounting /etc/selinux/<policy>/logins in tmpfs and everything seems to work. My questions really comes down to: > > > 1) Are there any security concerns with having the 'logins' directory in tmpfs? > > > 2) Are there any functional considerations if the 'logins' directory gets erased every time the system reboots? > > > > Thanks, > Andy Ruch >
