| It took me about 10-15 minutes to turn my eyes towards SELinux, after some initial debugging. I turned off SELinux temporarily and activated the connection successfully, and determined that it was indeed SELinux that was preventing NetworkManager from doing its job. Then I re-enabled SELinux and went to look at /var/log/audit/audit.log to see what it had to complain about, and indeed some files created by NetworkManager in /root/.cert had bad contexts. I set the proper contexts (semanage fcontext -a -t <context> <pathregex>), applied them (restorecon -Rv /root) and all was well. SELinux was initially scary but: - The "SELinux for mere mortals" talks are very informative introductory videos (https://www.youtube.com/watch?v=_WOKRaM-HI4) - The SELinux User's and Administrator's Guide from Red Hat was a deeper explanation (https://access.redhat.com/documentation/en-us/red_hat_enterp... -- linking to RHEL 7 because that's what I read at the time) I had to study this stuff in order to get Red Hat certified (RHCSA, passed with 300/300). Getting certified is absolutely worth it. Getting certified is the difference between "10-15 minutes to get a diagnosis" and "I gave up on SELinux about 20 years ago". |
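A triage sketch for the audit.log step described in the comment above, added here and not part of the original comment: it groups AVC denials by process, source type, target type and object class so mislabeled files stand out. The sample log lines are constructed, and the function names `parse_avc` and `summarize` are hypothetical.

```python
import re

# Constructed sample in the audit.log AVC record format (not taken from the comment).
SAMPLE_AUDIT_LOG = '''\
type=AVC msg=audit(1500000000.101:410): avc:  denied  { read } for  pid=1201 comm="NetworkManager" name="client.pem" dev="dm-0" ino=262201 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file permissive=0
type=SYSCALL msg=audit(1500000000.101:410): arch=c000003e syscall=2 success=no exit=-13 comm="NetworkManager"
type=AVC msg=audit(1500000000.350:411): avc:  denied  { open } for  pid=1201 comm="NetworkManager" path="/root/.cert/client.key" dev="dm-0" ino=262202 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file permissive=0
type=AVC msg=audit(1500000001.020:412): avc:  denied  { read } for  pid=1201 comm="NetworkManager" name="client.pem" dev="dm-0" ino=262201 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file permissive=0
'''

AVC_RE = re.compile(r'type=AVC .*?avc:\s+denied\s+\{\s*(?P<perms>[^}]*)\}')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def _type_of(context):
    """Return the type field of a user:role:type:level context, or None."""
    parts = (context or "").split(":")
    return parts[2] if len(parts) >= 3 else None


def parse_avc(line):
    """Parse one AVC denial record; return None for any other record."""
    m = AVC_RE.search(line)
    if not m:
        return None
    # Only the key=value pairs after the permission set are of interest.
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(line[m.end():])}
    return {
        "comm": fields.get("comm"),
        "perms": m.group("perms").split(),
        "target": fields.get("path") or fields.get("name"),
        "source_type": _type_of(fields.get("scontext")),
        "target_type": _type_of(fields.get("tcontext")),
        "tclass": fields.get("tclass"),
    }


def summarize(log_text):
    """Group denials by (comm, source type, target type, class)."""
    summary = {}
    for line in log_text.splitlines():
        d = parse_avc(line)
        if d is None:
            continue
        key = (d["comm"], d["source_type"], d["target_type"], d["tclass"])
        entry = summary.setdefault(key, {"count": 0, "perms": set(), "targets": set()})
        entry["count"] += 1
        entry["perms"].update(d["perms"])
        if d["target"]:
            entry["targets"].add(d["target"])
    return summary


if __name__ == "__main__":
    for key, entry in summarize(SAMPLE_AUDIT_LOG).items():
        print(key, entry["count"], sorted(entry["perms"]), sorted(entry["targets"]))
```

On a live system, `ausearch -m avc -ts recent` returns the same records without reading the log file directly.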