Description of problem:
When using a custom dispatcher that sets a DNS server for an interface via systemd-resolve when NetworkManager brings up a connection. This is done because the NetworkManager connection config does not like custom ports for DNS servers.

> systemd-resolve --interface wg0 --set-dns 10.10.1.200:5300 --set-domain ~testing

Version-Release number of selected component (if applicable):
libselinux-3.3-4.fc36.x86_64
NetworkManager-1.38.0-2.fc36.x86_64
selinux-policy-36.10-1.fc36.noarch
selinux-policy-targeted-36.10-1.fc36.noarch
selinux-policy-minimum-36.10-1.fc36.noarch
systemd-resolved-250.7-1.fc36.x86_64

How reproducible:
Consistently.

Steps to Reproduce:
1. Create a custom NetworkManager dispatcher as shown at https://gist.github.com/abn/95301c56e4281d048ab5597d03629294 for a connection (eg: wg0).
2. Bring the connection up via "nmcli connection up wg0".

SELinux is preventing systemd-resolve from 'create' accesses on the unix_dgram_socket labeled NetworkManager_dispatcher_custom_t.

Actual Results:

*****  Plugin catchall (100. confidence) suggests   **************************

If you believe that systemd-resolve should be allowed create access on unix_dgram_socket labeled NetworkManager_dispatcher_custom_t by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do allow this access for now by executing:
# ausearch -c 'systemd-resolve' --raw | audit2allow -M my-systemdresolve
# semodule -X 300 -i my-systemdresolve.pp

Additional Information:
Source Context                system_u:system_r:NetworkManager_dispatcher_custom_t:s0
Target Context                system_u:system_r:NetworkManager_dispatcher_custom_t:s0
Target Objects                Unknown [ unix_dgram_socket ]
Source                        systemd-resolve
Source Path                   systemd-resolve
Port                          <Unknown>
Host                          (removed)
Source RPM Packages
Target RPM Packages
SELinux Policy RPM            selinux-policy-targeted-36.10-1.fc36.noarch
Local Policy RPM              selinux-policy-targeted-36.10-1.fc36.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     (removed)
Platform                      Linux (removed) 5.18.5-200.fc36.x86_64 #1 SMP PREEMPT_DYNAMIC Thu Jun 16 14:51:11 UTC 2022 x86_64 x86_64
Alert Count                   76
First Seen                    2022-06-01 11:13:02 CEST
Last Seen                     2022-06-23 19:02:23 CEST
Local ID                      cf0f19ce-c004-466e-a2d4-ef1d2da36cc0

Raw Audit Messages
type=AVC msg=audit(1656003743.267:1339): avc:  denied  { create } for  pid=44486 comm="systemd-resolve" scontext=system_u:system_r:NetworkManager_dispatcher_custom_t:s0 tcontext=system_u:system_r:NetworkManager_dispatcher_custom_t:s0 tclass=unix_dgram_socket permissive=1

Hash: systemd-resolve,NetworkManager_dispatcher_custom_t,NetworkManager_dispatcher_custom_t,unix_dgram_socket,create

Version-Release number of selected component:
selinux-policy-targeted-36.10-1.fc36.noarch

Additional info:
component:      selinux-policy
reporter:       libreport-2.17.1
hashmarkername: setroubleshoot
kernel:         5.18.5-200.fc36.x86_64
type:           libreport
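The suggested workaround pipes the raw audit record through audit2allow, which hides what the generated module actually grants. The following POSIX shell functions are an added example (not part of the bug report or of setroubleshoot): they parse one raw AVC denial in the format shown above and print the narrowest allow rule and a matching .te module body, so the rule can be reviewed before anything is built with checkmodule/semodule_package and loaded. The sample line is the denial from this report; the function and module names are the author's own choices.

```shell
#!/bin/sh
# Constructed sample: the raw AVC record quoted in the report above.
SAMPLE_AVC='type=AVC msg=audit(1656003743.267:1339): avc:  denied  { create } for  pid=44486 comm="systemd-resolve" scontext=system_u:system_r:NetworkManager_dispatcher_custom_t:s0 tcontext=system_u:system_r:NetworkManager_dispatcher_custom_t:s0 tclass=unix_dgram_socket permissive=1'

# avc_parse LINE: extract the permission set, source type, target type and
# object class from one AVC record into PERMS/STYPE/TTYPE/TCLASS.
# The type is the third colon-separated field of the context (user:role:type:range).
avc_parse() {
    line=$1
    PERMS=$(printf '%s\n' "$line" | sed -n 's/.*{ \([^}]*\) }.*/\1/p' | sed 's/^ *//;s/ *$//')
    STYPE=$(printf '%s\n' "$line" | sed -n 's/.*scontext=[^:]*:[^:]*:\([^:]*\):.*/\1/p')
    TTYPE=$(printf '%s\n' "$line" | sed -n 's/.*tcontext=[^:]*:[^:]*:\([^:]*\):.*/\1/p')
    TCLASS=$(printf '%s\n' "$line" | sed -n 's/.*tclass=\([^ ]*\).*/\1/p')
    # Refuse to emit a rule from a line that is not a complete AVC record.
    [ -n "$PERMS" ] && [ -n "$STYPE" ] && [ -n "$TTYPE" ] && [ -n "$TCLASS" ]
}

# avc_to_allow LINE: print the single allow rule that satisfies the denial.
# When source and target domain are the same (as in this report) the target
# is written as "self", exactly as audit2allow does.
avc_to_allow() {
    avc_parse "$1" || return 1
    if [ "$STYPE" = "$TTYPE" ]; then target=self; else target=$TTYPE; fi
    case "$PERMS" in
        *" "*) printf 'allow %s %s:%s { %s };\n' "$STYPE" "$target" "$TCLASS" "$PERMS" ;;
        *)     printf 'allow %s %s:%s %s;\n' "$STYPE" "$target" "$TCLASS" "$PERMS" ;;
    esac
}

# avc_to_te MODNAME LINE: print a complete policy module source (.te) that
# declares only the types and class/permissions the rule references.
avc_to_te() {
    modname=$1
    avc_parse "$2" || return 1
    printf 'module %s 1.0;\n\nrequire {\n' "$modname"
    printf '\ttype %s;\n' "$STYPE"
    [ "$STYPE" = "$TTYPE" ] || printf '\ttype %s;\n' "$TTYPE"
    printf '\tclass %s { %s };\n}\n\n' "$TCLASS" "$PERMS"
    avc_to_allow "$2"
}

# Usage: review the rule, then write the module source to a file.
avc_to_allow "$SAMPLE_AVC"
avc_to_te my-systemdresolve "$SAMPLE_AVC" > my-systemdresolve.te
```

For this denial the printed rule is `allow NetworkManager_dispatcher_custom_t self:unix_dgram_socket create;`, which is what the catchall plugin's `audit2allow -M` step would generate; keeping the module to exactly that rule, rather than a broader one, is the least-privilege fix until the distribution policy carries it.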
*** This bug has been marked as a duplicate of bug 2093155 ***