Hello,
I recently updated my laptop to Fedora 43. I realized I had kept my laptop on an old kernel, and I switched to the latest kernel, 6.17.5 at the time (6.17.6 still provides the same issue). When I did this. I found my laptop had no internet connection, it was listed as Unknown. Only ethernet would work, and not reliably.
Besides this laptop, I have 2 other laptops I updated to Fedora 43 (and the latest kernel) and one of them had the exact same wifi card (Intel’s AX210 mini-pcie) and that one was working fine. This difference is the problem laptop has SElinux in enforcing mode and the deny_unknown policy set to deny. The only way I could resolve this was to go back to an old kernel, but I want the newest one.
After several hours have reviewing I realized the actual firmware wasn’t the issue. Journalctl revealed that “Permission firmware_load in class system not defined in policy”. This and a few other classes “will be denied” by SELinux. I went back to my SELinux configuration. By turning deny_unknown to allowed, it fixed the issue, but I was concerned about security of my device.
I researched SELinux and thought I need to add permission for firmware to load, and looked into audit2allow to create a rule to allow firmware to load. But when I used the command “audit2allow -a” this message showed up
“libsepol.sepol_string_to_av_perm: could not convert firmware_load to av bit”
Tried researching particular this message and absolutely nothing has come up. The only thing I can do right now is to allow unknown in SELinux, which isn’t secureI believe, but its the only thing that allows my laptop wifi access. I firmly believe this “av bit” is the problem and possibly a bug with libsepol maybe. I was hoping anyone could provide some assistance?