I had a number of denials before auditd started and I have denials from dbus, both of which show up in /var/log/messages I run audit2allow -a and I don't get any rules. I run cat /var/log/messages | audit2allow and I get my allow rules An example /var/log/messages can be provided if needed, but it doesn't seem to matter if the logging is from dbus or from kernel....
Fixed in policycoreutils-2.0.62-12.1