Description of problem: I get lots of: audit(1157135283.604:30): avc: denied { read } for pid=18194 comm="pam_console_app" name="/" dev=autofs ino=6665 scontext=system_u:system_r:pam_console_t:s0-s0:c0.c255 tcontext=system_u:object_r:autofs_t:s0 tclass=dir from when pam_console looks for things in /mnt. Either a) we should tell pam_console not to do that (things are in /media these days) or b) we should fix the policy. Version-Release number of selected component (if applicable): selinux-policy-targeted-2.3.10-6 pam-0.99.6.2-1.fc6
a) is the right thing to do if we don't care much about upgrades from older FCs where someone can have their customized mounts in /mnt which he expects to be owned by console user. But I'd say that policy should allow pam_console_apply to read and change things in /mnt anyway.
Fixed in selinux-policy-2.3.14-4
Should be fixed in the current release