Hi, I have made the changes to the policy as suggested my Miroslav. The reason I initially made two boolean's rather than one, is that OTP doesn't need the permissions granted by CHAP, and vice versa.
-- selinux mailing list selinux@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/selinux