Lots of people are out there disabling IPV6, and when you do invariably you get a flood of AVC messages about different confined domains asking the kernel to load the kernel module net-pf-10.
type=AVC msg=audit(10/18/11 23:40:10.233:978087) : avc: denied { module_request } for pid=32265 comm=pickup kmod="net-pf-10" scontext=system_u:system_r:postfix_picku
Now I am not recommending that you enable or disable IPV6, but if you do want to disable it and run with SELinux turned on, please read the following:
Eric Paris reports
"I believe the networking kernel community recommends (and it will shut up these AVCs) that IPv6 be disabled by:
echo 1 > /proc/sys/net/ipv6/conf/all/disable_ipv6
It still loads the module but unhooks almost all of the calls into the module. (apparently the IPv6 module has become so ingrained in the kernel that a number of other things, like certain firewall modules, require it. I didn't design it, I'm just telling it how it is) "
We recommend that you do not disable the ipv6 module but add
net.ipv6.conf.all.disable_ipv6 = 1
to /etc/sysctl.conf
And the AVC messages should go away.
The setroubleshoot plugin in Fedora reflects this info.
UPDATED:
After Further investigation, I am informed that:
"adding ipv6.disable=1 to the kernel command line will be
the strongest way I can think of to load the module but eliminate
all of its functionality.."