This is probably an edge situation. However, for those of us who use a minimal window manager, it can be an issue.
In my case, when I use OpenVPN, I don't go through NetworkManager. I will have an ovpn file, possibly containing the certificate and key; if not, the cert, key, and ovpn file sit in the same directory. On Fedora and Red Hat, if one tries to connect in a fairly standard way, with sudo openvpn <myvpn>.ovpn, it will fail without explanation. If one then runs, as root or with root privilege, journalctl -t setroubleshoot, there will be messages from SELinux about files that couldn't be opened.
Setroubleshoot suggests that said files should be in ~/root/.cert. This should work; however, I prefer to have my files in a directory in my own home directory, as they may change or may have to be edited. So, I keep my vpn files in something like ~/vpn. I'll usually run a vpn session in tmux so I can easily background it with ctl+b,ctl+d.
To do this, I have to change the SELinux type of the files. So, assuming I have these files (key, cert, and ovpn, or perhaps an ovpn file which contains the key and cert) in $HOME/vpn, I will run the following. The file specification is a regular expression matched against the full path, so it has to be given as an absolute path.
sudo semanage fcontext -a -t home_cert_t "$HOME/vpn(/.*)?"
I should now have a file, /etc/selinux/targeted/contexts/files/file_contexts.local, with an entry for the vpn directory showing that its contents are to be labeled home_cert_t. If not, then something hasn't worked; try it again, paying close attention to avoiding typos. At this point, however, if you run ls -lZ on the files, it may not show the new context.
Now, to make it permanent, run:
restorecon -R -v ~/vpn
Doing ls -lZ on the files should now show their context as home_cert_t. Now, running sudo openvpn <myfile>.ovpn should work.
I suspect most people won't need this, but for those who don't use NetworkManager for their VPN use, it may come in handy.
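An added example, not part of the original post: shell helpers that build the absolute, regex-escaped file-context spec for a directory, run the two steps above, and scan ls -lZ output for files that did not pick up home_cert_t. The function names, the user alice and the sample listing are constructed for illustration, and file names are assumed to contain no spaces.

```bash
#!/bin/sh
# Added example: helper names and sample data are hypothetical, not from the post.

# Print the fcontext regex for DIR and everything below it.
# The spec is matched against full paths, so a relative DIR is rejected,
# and regex metacharacters in the path (e.g. a dot in a user name) are escaped.
fcontext_spec() {
    local dir="${1%/}" escaped
    case "$dir" in
        /*) ;;
        *) echo "error: path must be absolute: $1" >&2; return 1 ;;
    esac
    escaped=$(printf '%s' "$dir" | sed 's/[][\.*^$+?(){}|]/\\&/g')
    printf '%s(/.*)?\n' "$escaped"
}

# Read `ls -lZ` output on stdin; print "name: type" for every entry whose
# SELinux type differs from the wanted one (default home_cert_t).
mislabeled() {
    awk -v want="${1:-home_cert_t}" '
        { for (i = 1; i <= NF; i++)
              if (split($i, c, ":") >= 4) {      # user:role:type:level
                  if (c[3] != want) print $NF ": " c[3]
                  break
              }
        }'
}

# The procedure from the post for one directory; succeeds only if every
# file ends up labeled home_cert_t. Not called here, as it changes policy.
label_vpn_dir() {
    local dir spec
    dir=$(realpath -- "$1") && spec=$(fcontext_spec "$dir") || return 1
    sudo semanage fcontext -a -t home_cert_t "$spec" &&
        restorecon -R -v "$dir" &&
        ! ls -lZ "$dir" | mislabeled | grep .
}

# Constructed sample listing: client.key was not relabeled.
SAMPLE_LS='total 12
-rw-------. 1 alice alice unconfined_u:object_r:home_cert_t:s0 1704 Jan  5 10:12 client.crt
-rw-------. 1 alice alice unconfined_u:object_r:user_home_t:s0 1704 Jan  5 10:12 client.key
-rw-r--r--. 1 alice alice unconfined_u:object_r:home_cert_t:s0  412 Jan  5 10:12 client.ovpn'

printf '%s\n' "$SAMPLE_LS" | mislabeled
```

Any name printed by mislabeled is a file OpenVPN would still be denied access to; rerun restorecon on the directory and check the entry in file_contexts.local.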