When we get an AVC about an unlabeled_t file, we don't know if it is a file without a label or a file with a bad label. It would be great if the kernel would actually tell us what the bad security context is. Then we might have a clue what is going on. Would it be a huge problem to add a field to the AVC that indicated what the label was in addition to unlabeled_t? We are seeing some random unlabeled_t errors, and we can't really diagnose what is going on because we don't know what the undefined label is, or if there is no label at all. ucon="" or ucon="system_u:object_r:nolonger_exists_t:s0"
Posted a patch to add this enhancement upstream: https://lore.kernel.org/selinux/20190118100429.11703-1-omosnace@redhat.com/T/
After a few respins, the patch is now staged in selinux-next for kernel v5.1: https://github.com/SELinuxProject/selinux-kernel/commit/fede148324c34360ce8c30a9a5bdfac5574b2a59
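
A triage sketch for the situation discussed in this thread, added here as an example and not taken from the thread or the kernel patch: it scans audit records for AVCs whose target is unlabeled_t and reports the raw context string when one is logged. It assumes the merged patch emits the extra field as `trawcon` (the request above proposed `ucon`); the sample records are constructed.

```python
import re

# Constructed sample AVC records (not from this thread or a real system).
SAMPLE_LOG = '''\
type=AVC msg=audit(1550000001.100:201): avc:  denied  { read } for  pid=1201 comm="httpd" name="index.html" dev="dm-0" ino=4001 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=0 trawcon="system_u:object_r:nolonger_exists_t:s0"
type=AVC msg=audit(1550000002.200:202): avc:  denied  { getattr } for  pid=1202 comm="ls" path="/srv/data" dev="dm-0" ino=4002 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1550000003.300:203): avc:  denied  { open } for  pid=1203 comm="cat" path="/etc/shadow" dev="dm-0" ino=4003 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file permissive=0
type=AVC msg=audit(1550000004.400:204): avc:  denied  { read } for  pid=1204 comm="cat" name="notes" dev="dm-0" ino=4004 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=0 trawcon=62616420637478
'''

FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')   # key=value, value may be quoted
HEX_RE = re.compile(r'(?:[0-9A-Fa-f]{2})+')

def decode_untrusted(raw):
    """Audit logs untrusted strings quoted, or as bare hex if they hold unsafe bytes."""
    if raw.startswith('"'):
        return raw.strip('"')
    if HEX_RE.fullmatch(raw):
        return bytes.fromhex(raw).decode("utf-8", "replace")
    return raw

def triage(line):
    """Return a finding for an AVC whose target context is unlabeled_t, else None."""
    if "avc:" not in line:
        return None
    fields = dict(FIELD_RE.findall(line))
    parts = fields.get("tcontext", "").split(":")
    if len(parts) < 3 or parts[2] != "unlabeled_t":
        return None
    raw = fields.get("trawcon")  # assumed field name, see the lead-in
    obj = fields.get("path") or fields.get("name") or "?"
    return {
        "comm": decode_untrusted(fields.get("comm", "?")),
        "object": decode_untrusted(obj),
        "tclass": fields.get("tclass"),
        # None means the record carried no raw context string for the target
        "raw_context": decode_untrusted(raw) if raw is not None else None,
    }

def report(log_text):
    """Triage every line and keep only the unlabeled_t findings."""
    return [f for f in map(triage, log_text.splitlines()) if f]

if __name__ == "__main__":
    for f in report(SAMPLE_LOG):
        verdict = f["raw_context"] or "(no raw context reported)"
        print(f'{f["comm"]} -> {f["object"]} [{f["tclass"]}]: {verdict}')
```

A finding with no raw context does not by itself prove the file has no label: a kernel without the patch never emits the field.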