I upgraded my system from Fedora 35 → 36. I was careful to fully update f35 before upgrading to f36 because I had read about SELinux issues needing to be fixed. I upgraded on 5/16.
After the upgrade, my VPN setup stopped working because the associated Network Manager Dispatcher script was being denied access to resources by SELinux.
May 17 15:12:50 laptop nm-dispatcher[46169]: + ip route add x.x.x.x/32 dev tun0 src x.x.x.x table 200
May 17 15:12:50 laptop audit[46169]: AVC avc: denied { getattr } for pid=46169 comm=“00-routing.sh” path=“/usr/sbin/ip” dev=“dm-0” ino=3757299 scontext=system_u:system_r:NetworkManager_dispatcher_t:s0 tcontext=system_u:object_r:ifconfig_exec_t:s0 tclass=file permissive=0
May 17 15:12:50 laptop nm-dispatcher[46179]: /etc/NetworkManager/dispatcher.d/00-routing.sh: line 45: ip: command not found
I tried to relabel the folder, but the command did not change anything:
restorecon -R -v /etc/NetworkManager
[laptop ~]$ ls -laZ /etc/NetworkManager/dispatcher.d/
total 4
-rwx------. 1 root root unconfined_u:object_r:NetworkManager_dispatcher_script_t:s0 2008 May 17 15:11 00-routing.sh
drwxr-xr-x. 1 root root system_u:object_r:NetworkManager_dispatcher_script_t:s0 0 May 13 06:01 no-wait.d
drwxr-xr-x. 1 root root system_u:object_r:NetworkManager_dispatcher_script_t:s0 0 May 13 06:01 pre-down.d
drwxr-xr-x. 1 root root system_u:object_r:NetworkManager_dispatcher_script_t:s0 0 May 13 06:01 pre-up.d
When I disable SELinux, everything works as expected with warnings in the logs.
sudo setenforce 0
I am not sure what I should try next.