Currently, usernetctl does not make any attempt to cooperate with
SELinux and runs all scripts in the originating context of the caller.
As a result, SELinux would not let ordinary users (or staff_r users
for that matter) to control the USERCTL=yes devices.
Update: when running in enforcing mode with policy-1.9-11, the staff_r
can control the USERCTL=yes devices.
Hopefully we just need to:
- Check that the user_r works too (assuming it is desirable).
- Add dontaudit for messages that get generated.
Closing bugs on older releases. Apologies for any lack of response.
Does this persist on FC3/FC4 with strict policy?
I have no idea. I am currently using FC3 with the targeted policy.
I will cloase this bug since, NetworkManager should handle this functionality
now and most users are using targeted policy anyways.