Following Dan's instructions for setting up pam_namespace with an xguest user, I can't login as xguest. avc errors are about xdm_t creating files labeled etc_t when trying to copy the /etc/skel bits, but it shouldn't be trying to create them as etc_t anyway I don't think.
Can you try to modify /etc/security/namespace.init so it contains cp -aT --no-preserve=context ..... instead of cp -aT ..... Does it help?
If not, what are all the AVCs?
That helps somewhat... ---- time->Thu Sep 20 19:46:23 2007 type=SYSCALL msg=audit(1190331983.113:27): arch=40000003 syscall=117 success=no exit=-13 a0=15 a1=8000 a2=0 a3=bfb5aec8 items=0 ppid=1820 pid=1824 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=tty7 comm="X" exe="/usr/bin/Xorg" subj=system_u:system_r:xdm_xserver_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1190331983.113:27): avc: denied { read write } for pid=1824 comm="X" path=2F535953563030303030303030202864656C6574656429 dev=tmpfs ino=32768 scontext=system_u:system_r:xdm_xserver_t:s0-s0:c0.c1023 tcontext=system_u:object_r:unconfined_tmpfs_t:s0 tclass=file and similar for all of the files. According to audit2allow allow xdm_xserver_t unconfined_tmpfs_t:file { read write };
I'll add the --no-preserve=context to the next pam build however the rest has to be fixed in the policy.
Tomas the patch I sent you this morning fixes these.