Description of problem:
Getting AVC denials in the audit.log from the cron job that gathers mcollective facts. Apparently only part of the facts aren't being gathered - the gear counts.

Version-Release number of selected component (if applicable):
http://buildvm-devops.usersys.redhat.com/puddle/build/OpenShiftEnterprise/1.1.z/2013-03-06.1/
openshift-origin-msg-node-mcollective-1.0.3-1.el6op.noarch
selinux-policy-3.7.19-195.el6_4.2.noarch


Steps to Reproduce:
1. Create an OSE installation
2. Create some apps
3. Wait for mcollective facter to run (do not run as root)
3. grep gears /etc/mcollective/facts.yaml
  
Actual results:
all zeroes

Expected results:
positive numbers at least for e.g. gears_total_count

Additional info:
The problem appears to stem from this line of code (where app_dir iterates over the gear directories):

Dir.glob(File.join(app_dir, %w{app-root runtime .state})).each do |file|

This line however succeeds in counting git repositories:

git_repos_count += Dir.glob(File.join(app_dir, "git/*.git")).count

Selinux contexts:
system_u:object_r:openshift_var_lib_t:s0:c0,c1002 /var/lib/openshift/1db5352de6864a7592c9b56252beff9c/app-root/runtime/
system_u:object_r:openshift_var_lib_t:s0:c0,c1002 /var/lib/openshift/1db5352de6864a7592c9b56252beff9c/app-root/runtime/.state
system_u:object_r:openshift_var_lib_t:s0:c0,c1002 /var/lib/openshift/1db5352de6864a7592c9b56252beff9c/git
system_u:object_r:openshift_var_lib_t:s0:c0,c1002 /var/lib/openshift/1db5352de6864a7592c9b56252beff9c/git/1db5352de6.git/

Running the audit.log through audit2allow gives the following policy:
#============= openshift_cron_t ==============
allow openshift_cron_t self:capability { dac_read_search dac_override };