I’m getting this when I try to use the Cisco-compatible VPN in NM.
SELinux is preventing nm-vpnc-service from execute access on the file /usr/bin/consolehelper.
***** Plugin catchall (100. confidence) suggests **************************
If you believe that nm-vpnc-service should be allowed execute access on the consolehelper file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'nm-vpnc-service' --raw | audit2allow -M my-nmvpncservice
# semodule -X 300 -i my-nmvpncservice.pp
Additional Information:
Source Context system_u:system_r:NetworkManager_t:s0
Target Context system_u:object_r:consolehelper_exec_t:s0
Target Objects /usr/bin/consolehelper [ file ]
Source nm-vpnc-service
Source Path nm-vpnc-service
Port <Unknown>
Source RPM Packages
Target RPM Packages usermode-1.114-12.fc42.x86_64
SELinux Policy RPM selinux-policy-targeted-41.40-1.fc42.noarch
Local Policy RPM selinux-policy-targeted-41.40-1.fc42.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Platform Linux wrangler 6.14.6-300.fc42.x86_64 #1 SMP
PREEMPT_DYNAMIC Fri May 9 20:11:19 UTC 2025
x86_64
Alert Count 8
First Seen 2025-05-21 17:30:10 PDT
Last Seen 2025-05-22 12:48:52 PDT
Local ID 5a373c99-3858-486d-830d-923e45a60064
Raw Audit Messages
type=AVC msg=audit(1747943332.644:77): avc: denied { execute } for pid=3719479 comm="nm-vpnc-service" name="consolehelper" dev="dm-2" ino=8249 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:consolehelper_exec_t:s0 tclass=file permissive=0
Hash: nm-vpnc-service,NetworkManager_t,consolehelper_exec_t,file,execute