Description of problem:
After having upgraded selinux to the latest release, bridge interfaces no longer start during boot. Workaround was to change SELINUX=enforce to SELINUX=permissive in /etc/selinux/config.

Version-Release number of selected component (if applicable):
kernel-2.6.22.1-27.fc7
selinux-policy-2.6.4-28.fc7

How reproducible:
100%

Steps to Reproduce:
1. Upgrade to selinux-policy-2.6.4-28.fc7, kernel-2.6.22.1-27.fc7
2. Reboot
3. Enjoy the fact that your bridge interfaces no longer start

Actual results:
During boot (/etc/rc.d/init.d/network) a message "Bridge support not available in this kernel" shows up.

Expected results:
Flawless operation

Additional info:
In syslog:

Jul 25 08:20:11 home07 kernel: audit(1185344374.139:4): avc: denied { search } for pid=2222 comm="brctl" name="/" dev=sysfs ino=1 scontext=system_u:system_r:brctl_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=dir
Jul 25 08:20:11 home07 kernel: audit(1185344374.139:5): avc: denied { getattr} for pid=2222 comm="brctl" name="net" dev=sysfs ino=1980 scontext=system_u:system_r:brctl_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=dir
Jul 25 08:20:11 home07 kernel: audit(1185344374.139:6): avc: denied { read } for pid=2222 comm="brctl" name="net" dev=sysfs ino=1980 scontext=system_u:system_r:brctl_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=dir
If you add that rule using audit2allow does it work properly?

grep brctl /var/log/audit/audit.log | audit2allow -M mybrctl
semodule -i mybrctl.pp
This seems to solve the problem. I added the rule as requested, and I rebooted. Everything worked fine.
Fixed in selinux-policy-2.6.4-30.fc7
Closing as fixes are in the current release