ConsoleKit-x11-0.3.0-8.fc11.x86_64 selinux-policy-3.6.12-23.fc11.noarch gnome-session-2.26.1-1.fc11.x86_64 node=localhost.localdomain type=AVC msg=audit(1241139173.797:40518): avc: denied { name_connect } for pid=4085 comm="ck-get-x11-serv" dest=6001 scontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xserver_port_t:s0 tclass=tcp_socket node=localhost.localdomain type=SYSCALL msg=audit(1241139173.797:40518): arch=c000003e syscall=42 success=no exit=-13 a0=3 a1=1bfec10 a2=10 a3=7fff04a4c180 items=0 ppid=4084 pid=4085 auid=4294967295 uid=501 gid=501 euid=501 suid=501 fsuid=501 egid=501 sgid=501 fsgid=501 tty=(none) ses=4294967295 comm="ck-get-x11-serv" exe="/usr/libexec/ck-get-x11-server-pid" subj=system_u:system_r:consolekit_t:s0-s0:c0.c1023 key=(null) ssh username@server -Y DISPLAY=IPADDRESS:1 gnome-session gnome-session runs something that runs /usr/libexec/ck-get-x11-server-pid which gets an AVC denial. Perhaps it isn't used to the case where the X server is running remotely. In any case this is an annoying AVC for every LTSP thin client login.
Fixed in selinux-policy-3.6.12-27.fc11.noarch