Fedora Account System
Red Hat Associate
Red Hat Customer
Currently, usernetctl does not make any attempt to cooperate with SELinux and runs all scripts in the originating context of the caller. As a result, SELinux would not let ordinary users (or staff_r users for that matter) to control the USERCTL=yes devices. initscripts-7.48-1 policy-1.9-6
Update: when running in enforcing mode with policy-1.9-11, the staff_r can control the USERCTL=yes devices. Hopefully we just need to: - Check that the user_r works too (assuming it is desirable). - Add dontaudit for messages that get generated.
Closing bugs on older releases. Apologies for any lack of response. Does this persist on FC3/FC4 with strict policy?
I have no idea. I am currently using FC3 with the targeted policy.
I will cloase this bug since, NetworkManager should handle this functionality now and most users are using targeted policy anyways.