Re: Selinux in enforcing mode prevent network interface to be configured at boot for Debian stable ( 5.0)


 



Justin P. Mattock wrote:
> if nothing then do a
> sudo /usr/sbin/semodule -DB
> (reboot)
> then what does audit2allow say?
> should give you some allow rules
> if so add them to your policy.

This will most likely output a very large number of rules that don't
make sense, i.e. they would do more bad than good.

The basic problem is that the network scripts don't have their own
restricted domain in which they could run. Running them from udev on
'network hotplug event' will copy the udev context, which doesn't have
enough privileges to configure the network. Giving these privileges to udev
directly would be sub-optimal.

Michal Svoboda
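
Added example, not part of the original message: a small Python script that groups AVC denials by source domain, showing why allow rules generated from hotplug-time denials end up attached to udev_t itself. The audit records are constructed for illustration (comm names, pids and permissions are assumptions, not values from this thread).

```python
import re
from collections import defaultdict

# Constructed sample AVC records (not taken from the thread); the comm names,
# pids and permissions are illustrative assumptions.
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1245000000.101:31): avc:  denied  { net_admin } for  pid=811 comm="ifconfig" capability=12 scontext=system_u:system_r:udev_t:s0 tcontext=system_u:system_r:udev_t:s0 tclass=capability
type=AVC msg=audit(1245000000.117:32): avc:  denied  { create } for  pid=812 comm="ip" scontext=system_u:system_r:udev_t:s0 tcontext=system_u:system_r:udev_t:s0 tclass=netlink_route_socket
type=AVC msg=audit(1245000000.140:33): avc:  denied  { read } for  pid=820 comm="dhclient" name="dhclient.conf" dev=sda1 ino=4411 scontext=system_u:system_r:dhcpc_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
type=SYSCALL msg=audit(1245000000.140:33): arch=40000003 syscall=5 success=no exit=-13
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"\bcomm=\"(?P<comm>[^\"]*)\".*?"
    r"\bscontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)"
)

def context_type(context):
    """Return the type field of a user:role:type[:range] context."""
    return context.split(":")[2]

def denials_by_domain(log_text):
    """Map source domain -> {(target type, class, perm): set of comm names}."""
    result = defaultdict(lambda: defaultdict(set))
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue  # not an AVC denial (e.g. SYSCALL records)
        src, tgt = context_type(m["scon"]), context_type(m["tcon"])
        tgt = "self" if tgt == src else tgt
        for perm in m["perms"].split():
            result[src][(tgt, m["tclass"], perm)].add(m["comm"])
    return result

def rules_granted_to(domain, log_text):
    """Allow rules the denials would translate into for one source domain."""
    grants = denials_by_domain(log_text).get(domain, {})
    return sorted(f"allow {domain} {t}:{c} {p};  # triggered by {', '.join(sorted(cs))}"
                  for (t, c, p), cs in grants.items())

if __name__ == "__main__":
    # Every rule printed here widens udev_t, not a dedicated network-script domain.
    for rule in rules_granted_to("udev_t", SAMPLE_AUDIT_LOG):
        print(rule)
```

The "triggered by" comment on each rule names the program that caused the denial, which makes it visible when a network tool is running in the inherited udev_t domain rather than in a domain of its own.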


