On Fri, Oct 14, 2016 at 09:44:11AM +0200, Sumit Bose wrote: > On Fri, Oct 14, 2016 at 12:41:23AM +0200, Jacquelin Charbonnel wrote: > > Thank you for this information. Yes, /tmp is writable. > > > > My problem is : access are sometimes definitively refused for random > > user > > who wants to log in diskless workstations. > > But if this banned user tries to connect to the single machine which > > mounts > > the fs in rw mode, it's work, and this solve immediately its problem on all > > the other stateless machines !? Strange... > > Maybe it is the selinux_provider, iirc at least in older version it used > to write some data somewhere below /etc/selinux/. You can easily test > this by setting 'selinux_provider = none' in the domain section in > ssd.conf.
Aah, that's probably it. We no longer write to the directory directly, but we call libsemanage functions that do. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project