Description of problem: For the fix for #1066037, there is an additional change required: allow firewalld_t net_conf_t:dir write; Firewalld is trying to change the ZONE setting in the ifcfg file that is using the interface, for which the zone binding has been requested. Only if there is an ifcfg file using this interface. There is a new te file for RHEL-7 that contains the requested change: http://people.redhat.com/twoerner/firewalld/0.4.2-1.el7/firewalld-0.4.te Please add this for F-23, F-24 and rawhide.
Thomas, Could you attach AVCs for this issue?
This is from RHEl-7: avc: denied { write } for pid=23778 comm="firewalld" name="network-scripts" dev="sda7" ino=101097109 scontext=system_u:system_r:firewalld_t:s0 tcontext=system_u:object_r:net_conf_t:s0 tclass=dir
F-23: avc: denied { write } for pid=8714 comm="firewalld" name="network-scripts" dev="sda2" ino=2883890 scontext=system_u:system_r:firewalld_t:s0 tcontext=system_u:object_r:net_conf_t:s0 tclass=dir permissive=0
selinux-policy-3.13.1-158.21.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-7bed6e7c72
selinux-policy-3.13.1-158.21.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.