add a user, and then try to do chsh $username /bin/false or /bin/nologin and you get this.. type=AVC msg=audit(1197616408.149:549): avc: denied { execute } for pid=9694 comm="chsh" name="false" dev=sda1 ino=339692 scontext=unconfined_u:system_r:chfn_t:s0-s0:c0.c1023 tcontext=system_u:object_r:bin_t:s0 tclass=file type=AVC msg=audit(1197616421.885:550): avc: denied { execute } for pid=9697 comm="chsh" name="false" dev=sda1 ino=339692 scontext=unconfined_u:system_r:chfn_t:s0-s0:c0.c1023 tcontext=system_u:object_r:bin_t:s0 tclass=file type=AVC msg=audit(1197616444.623:551): avc: denied { execute } for pid=9699 comm="chsh" name="nologin" dev=sda1 ino=254 scontext=unconfined_u:system_r:chfn_t:s0-s0:c0.c1023 tcontext=system_u:object_r:bin_t:s0 tclass=file
Fixed in selinux-policy-3.0.8-69.fc8 Does not seem to cause a problem, although does generate an avc.
Bulk closing a old selinux policy bugs that were in the modified state. If the bug is still not fixed. Please reopen.