-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
- The AVC denial is type=AVC msg=audit(1369081665.408:8113): avc: denied
{ create } for pid=18379 comm="usermod" name="passwd+" scontext=specialuser_u:system_r:pwrecoveryd_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
The avc shows a process running as SELinux user is attempting to create a file labeled system_u:object_r:etc_t:s0. Since you are changing the SELinux user component you get an AVC. Does your app do a setfscreatecon() call?
domain_obj_id_change_exemption(pwrecoveryd_t) is probably what you need.