AVC:s on xauth file when doing su

[Göran Uddeborg]

Whenever I do "su" in an xterm window, I get two AVC denials.  The
command xauth is denied to read and write a file .xauthXXXXX where
XXXXX is some random string different each time.  (I encose an example
below.)

I would bugzilla this, but I'm (as often) not quite sure if it's the
policy or if it's me.  That is, if maybe this is not intended to be
allowed?  Or if there there something else I might be missing?  I
can't see any boolean I would connect to this.

So, is this a bug I should report, or is it intentional?

----
time->Tue Dec 29 21:32:48 2009
type=SYSCALL msg=audit(1262118768.835:41732): arch=c000003e syscall=21 success=no exit=-13 a0=7fff99bd14d5 a1=2 a2=0 a3=7fff99bcfd10 items=0 ppid=5506 pid=5511 auid=503 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts6 ses=96 comm="xauth" exe="/usr/bin/xauth" subj=unconfined_u:unconfined_r:xauth_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1262118768.835:41732): avc:  denied  { write } for  pid=5511 comm="xauth" name=".xauthbDy84s" dev=dm-0 ino=5341320 scontext=unconfined_u:unconfined_r:xauth_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file
----
time->Tue Dec 29 21:32:48 2009
type=SYSCALL msg=audit(1262118768.836:41733): arch=c000003e syscall=2 success=no exit=-13 a0=7fff99bd14d5 a1=0 a2=1b6 a3=0 items=0 ppid=5506 pid=5511 auid=503 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts6 ses=96 comm="xauth" exe="/usr/bin/xauth" subj=unconfined_u:unconfined_r:xauth_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1262118768.836:41733): avc:  denied  { read } for  pid=5511 comm="xauth" name=".xauthbDy84s" dev=dm-0 ino=5341320 scontext=unconfined_u:unconfined_r:xauth_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file