[refpolicy] runcon cant really run(constraint issue?)

[Justin Mattock]

looking into using runcon
it seems I'm confronted with an
avc, that just keeps showing up:
allow staff_t user_t:process { siginh rlimitinh transition noatsecure };
(even after adding this to the policy).

What I'm doing is this:
runcon name:user_r:user_t:s0-s0:c0.c255 firefox
the initial role I'm in is staff_r(transitioning to user_r for
firefox to run in)

Does this seem like the right thing to do,
or do I need to use newrole -r *
for something like firefox?

-- 
Justin P. Mattock