[root@desk mythcat]# ausearch -c 'restorecon' --raw | audit2allow
#============= staff_t ==============
allow staff_t admin_home_t:dir { relabelfrom relabelto };
allow staff_t admin_home_t:file { relabelfrom relabelto };
#!!!! This avc is a constraint violation. You would need to modify the attributes of
either the source or target types to allow this access.
#Constraint rule:
# mlsconstrain dir { search } ((l1 dom l2 -Fail-) or (t1 == mlsfilereadtoclr -Fail-) and
(h1 dom l2) or (t1 == mlsfileread -Fail-) or (t2 == mlstrustedobject -Fail-) );
Constraint DENIED
# Possible cause is the source user (staff_u) and target user (system_u) are different.
# Possible cause is the source level (s0-s15:c0.c1023) and target level (s15:c0.c1023) are
different.
allow staff_t auditd_etc_t:dir search;
allow staff_t auditd_etc_t:dir { open read };