I cannot use the wpa_cli tool when SELinux is enforcing:

(1) # systemctl start wpa_supplicant
(2) # wpa_cli -i wlp3s0

wlp3s0 is the interface name of my WiFi network device. The wpa_cli command times out and reports that it could not connect to the wpa_supplicant daemon. Syslog receives this error:

audit[7297]: AVC avc: denied { sendto } for pid=7297 comm="wpa_supplicant" path="/tmp/wpa_ctrl_7615-1" scontext=system_u:system_r:NetworkManager_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=unix_dgram_socket permissive=0

I don't understand how exactly the communication works, but it seems that the wpa_supplicant daemon creates a socket named /tmp/wpa_ctrl_*, besides these in /var/run/wpa_supplicant, and fails to send data there. I guess the problem is that /tmp/wpa_ctrl_* inodes have wrong (no) context in contrast to files under /var/run/wpa_supplicant.

I have wpa_supplicant-2.9-13.fc34.x86_64 and selinux-policy-34.22-1.fc34.noarch. This worked in Fedora 33. It does not work in Fedora 34.

Do you see any other SELinux denials in permissive mode?

# setenforce 0
# wpa_cli -i wlp3s0
# ausearch -m avc -m user_avc -m selinux_err -i -ts today

Thank you.

Created attachment 1840719
ausearch output

No. This is the only denial. Actually wpa_cli never exits because it tries again and again. A one-shot reproducer is e.g. "wpa_cli -i wlp3s0 status":

# wpa_cli -i wlp3s0 status
'STATUS' command timed out.
# echo $?
254

It logs exactly these lines:

Nov 8 16:50:47 dhcp-0-146 audit[14475]: AVC avc: denied { sendto } for pid=14475 comm="wpa_supplicant" path="/tmp/wpa_ctrl_14520-1" scontext=system_u:system_r:NetworkManager_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=unix_dgram_socket permissive=0
Nov 8 16:50:50 dhcp-0-146 wpa_supplicant[14475]: wlp3s0: CTRL-EVENT-SSID-REENABLED id=0 ssid="Red Hat"
Nov 8 16:50:50 dhcp-0-146 wpa_supplicant[14475]: wlp3s0: SME: Trying to authenticate with f8:0b:cb:88:2e:ff (SSID='Red Hat' freq=5240 MHz)
Nov 8 16:50:50 dhcp-0-146 kernel: wlp3s0: authenticate with f8:0b:cb:88:2e:ff
Nov 8 16:50:50 dhcp-0-146 kernel: wlp3s0: send auth to f8:0b:cb:88:2e:ff (try 1/3)
Nov 8 16:50:50 dhcp-0-146 wpa_supplicant[14475]: wlp3s0: Trying to associate with f8:0b:cb:88:2e:ff (SSID='Red Hat' freq=5240 MHz)
Nov 8 16:50:50 dhcp-0-146 kernel: wlp3s0: authenticated
Nov 8 16:50:50 dhcp-0-146 kernel: wlp3s0: associate with f8:0b:cb:88:2e:ff (try 1/3)
Nov 8 16:50:50 dhcp-0-146 kernel: wlp3s0: RX AssocResp from f8:0b:cb:88:2e:ff (capab=0x111 status=0 aid=82)
Nov 8 16:50:50 dhcp-0-146 kernel: wlp3s0: associated
Nov 8 16:50:50 dhcp-0-146 wpa_supplicant[14475]: wlp3s0: Associated with f8:0b:cb:88:2e:ff
Nov 8 16:50:50 dhcp-0-146 wpa_supplicant[14475]: wlp3s0: CTRL-EVENT-EAP-STARTED EAP authentication started
Nov 8 16:50:50 dhcp-0-146 wpa_supplicant[14475]: wlp3s0: CTRL-EVENT-SUBNET-STATUS-UPDATE status=0
Nov 8 16:50:50 dhcp-0-146 wpa_supplicant[14475]: wlp3s0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=25
Nov 8 16:50:50 dhcp-0-146 wpa_supplicant[14475]: wlp3s0: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected
Nov 8 16:50:50 dhcp-0-146 wpa_supplicant[14475]: wlp3s0: CTRL-EVENT-EAP-PEER-CERT depth=3 subject='/C=US/ST=North Carolina/L=Raleigh/O=Red Hat, Inc./OU=Red Hat IT/CN=Red Hat IT Root CA/emailAddress=infosec' hash=270947c8eba9ae6f01799f134e7dbebe902a0a2e09e1b8fd06b5fc3a7d7ecef3
Nov 8 16:50:50 dhcp-0-146 wpa_supplicant[14475]: wlp3s0: CTRL-EVENT-EAP-PEER-CERT depth=3 subject='/C=US/ST=North Carolina/L=Raleigh/O=Red Hat, Inc./OU=Red Hat IT/CN=Red Hat IT Root CA/emailAddress=infosec' hash=270947c8eba9ae6f01799f134e7dbebe902a0a2e09e1b8fd06b5fc3a7d7ecef3
Nov 8 16:50:50 dhcp-0-146 wpa_supplicant[14475]: wlp3s0: CTRL-EVENT-EAP-PEER-CERT depth=2 subject='/O=Red Hat/OU=prod/CN=Intermediate Certificate Authority' hash=1064a0756e41942346616a634e47bed654eb1f8c38ff7b17685a156b823ebc23
Nov 8 16:50:50 dhcp-0-146 wpa_supplicant[14475]: wlp3s0: CTRL-EVENT-EAP-PEER-CERT depth=1 subject='/O=Red Hat/OU=prod/CN=Certificate Authority' hash=9018f9f242941f2d44cf8d639ad369a958db7ad683ec2a1b5f13483419d5973e
Nov 8 16:50:50 dhcp-0-146 wpa_supplicant[14475]: wlp3s0: CTRL-EVENT-EAP-PEER-CERT depth=0 subject='/CN=ise01-ams2.mgmt.ams2.redhat.com/OU=Information Technology/O=Red Hat, Inc./L=Raleigh/ST=North Carolina/C=US' hash=ab6c79824533a56415b91ba09f1d011e5fbe5dcd69574511dae96e160a013897
Nov 8 16:50:50 dhcp-0-146 wpa_supplicant[14475]: wlp3s0: CTRL-EVENT-EAP-PEER-ALT depth=0 DNS:ise01-ams2.mgmt.ams2.redhat.com
Nov 8 16:50:50 dhcp-0-146 wpa_supplicant[14475]: EAP-GTC: Password not configured
Nov 8 16:50:50 dhcp-0-146 wpa_supplicant[14475]: wlp3s0: CTRL-REQ-OTP-0:[Password:] needed for SSID Red Hat

ausearch output for the whole day is attached.

Created attachment 1840720
ausearch output in permissive mode

I forgot to disable enforcing. Here is the log after "setenforce 0".

*** This bug has been marked as a duplicate of bug 2032277 ***
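
An added example, not part of the bug report or of wpa_supplicant's code: the control-interface exchange reproduced with two Unix datagram sockets, showing that the daemon's reply is a sendto() aimed at the socket the client bound for itself, which is the step the logged denial names (source NetworkManager_t, target class unix_dgram_socket with the client's unconfined_t context). The paths are constructed stand-ins inside a temporary directory, and ctrl_roundtrip is a hypothetical name.

```python
import os
import socket
import tempfile


def ctrl_roundtrip(command: bytes = b"STATUS"):
    """One request/reply over AF_UNIX datagram sockets, wpa_ctrl style.

    Returns (reply address seen by the daemon, reply received by the client).
    """
    # Constructed stand-ins for /var/run/wpa_supplicant/<ifname> and
    # /tmp/wpa_ctrl_<pid>-<n>; both live in a private temporary directory.
    workdir = tempfile.mkdtemp(prefix="ctrl_demo_")
    daemon_path = os.path.join(workdir, "wlp3s0")
    client_path = os.path.join(workdir, "wpa_ctrl_%d-1" % os.getpid())

    daemon = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
    client = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
    try:
        daemon.bind(daemon_path)   # daemon: per-interface control socket
        client.bind(client_path)   # client: its own socket for replies
        client.connect(daemon_path)
        client.send(command)

        # Datagram sockets carry no connection to answer on, so the daemon
        # learns the return address from recvfrom() ...
        request, reply_to = daemon.recvfrom(4096)
        # ... and replies with sendto() to the client's bound path. With
        # SELinux enforcing, this call is checked as { sendto } on the
        # client's unix_dgram_socket.
        daemon.sendto(b"reply to " + request, reply_to)

        client.settimeout(2)
        return reply_to, client.recv(4096)
    finally:
        daemon.close()
        client.close()
        for path in (daemon_path, client_path):
            if os.path.exists(path):
                os.unlink(path)
        os.rmdir(workdir)


if __name__ == "__main__":
    print(ctrl_roundtrip())
```

If the daemon's sendto() is refused, the client's recv() runs into its timeout, which is the behaviour wpa_cli reports as "'STATUS' command timed out."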