diff -rNau policycoreutils-1.30.29/newrole/Makefile policycoreutils-1.30.29.orig.dev/newrole/Makefile
--- policycoreutils-1.30.29/newrole/Makefile 2006-09-14 07:07:26.000000000 -0500
+++ policycoreutils-1.30.29.orig.dev/newrole/Makefile 2006-09-28 16:46:47.000000000 -0500
@@ -27,7 +27,7 @@
 LDLIBS += -laudit
 endif
 ifeq (${LOG_AUDIT_PRIV},y)
- override CFLAGS += -DLOG_AUDIT_PRIV -D_GNU_SOURCE
+ override CFLAGS += -DLOG_AUDIT_PRIV
 LDLIBS += -lcap
 MODE := 4555
 else
diff -rNau policycoreutils-1.30.29/newrole/newrole.c policycoreutils-1.30.29.orig.dev/newrole/newrole.c
--- policycoreutils-1.30.29/newrole/newrole.c 2006-09-14 07:07:26.000000000 -0500
+++ policycoreutils-1.30.29.orig.dev/newrole/newrole.c 2006-09-28 16:46:27.000000000 -0500
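Review bot: Dropping `-D_GNU_SOURCE` from the LOG_AUDIT_PRIV branch removes the feature macro glibc requires before it exposes the asprintf prototype, and the new send_audit_message in newrole.c (hunk at -396) still calls asprintf inside that same `#ifdef LOG_AUDIT_PRIV` block. Unless _GNU_SOURCE is defined elsewhere — an unconditional CFLAGS line earlier in this Makefile, or a `#define _GNU_SOURCE` ahead of the includes in newrole.c, neither of which is visible here — the audit-enabled build compiles asprintf as an implicitly declared function. Moving the define out of the conditional, `override CFLAGS += -D_GNU_SOURCE` above the ifeq, keeps the prototype available in both configurations.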
@@ -396,6 +396,51 @@
 }
 #endif
 
+#ifdef LOG_AUDIT_PRIV
+/* Send audit message */
+static
+int send_audit_message(int success, security_context_t old_context,
+ security_context_t new_context, const char *ttyn)
+{
+ char *msg = NULL;
+ int rc;
+ int audit_fd = audit_open();
+
+ if (audit_fd < 0) {
+ fprintf(stderr, _("Error connecting to audit system.\n"));
+ return -1;
+ }
+ if (asprintf(&msg, "newrole: old-context=%s new-context=%s",
+ old_context ? old_context : "?",
+ new_context ? new_context : "?") < 0) {
+ fprintf(stderr, _("Error allocating memory.\n"));
+ rc = -1;
+ goto out;
+ }
+ rc = audit_log_user_message(audit_fd, AUDIT_USER_ROLE_CHANGE,
+ msg, NULL, NULL, ttyn, success);
+ if (rc <= 0) {
+ fprintf(stderr, _("Error sending audit message.\n"));
+ rc = -1;
+ goto out;
+ }
+ rc = 0;
+out:
+ free(msg);
+ close(audit_fd);
+ return rc;
+}
+#else
+static inline
+int send_audit_message(int success __attribute__((unused)),
+ security_context_t old_context __attribute__((unused)),
+ security_context_t new_context __attribute__((unused)),
+ const char *ttyn __attribute__((unused)))
+{
+ return 0;
+}
+#endif
+
 /************************************************************************
 *
 * All code used for both PAM and shadow passwd goes in this section.
@@ -536,6 +581,7 @@
 if (role_s && !type_s) {
 if (get_default_type(role_s, &type_s)) {
 fprintf(stderr, _("Couldn't get default type.\n"));
+ send_audit_message(0, old_context, new_context, ttyn);
 exit(-1);
 }
 #ifdef CANTSPELLGDB
@@ -715,6 +761,7 @@
 if (security_check_context(new_context) < 0) {
 fprintf(stderr, _("%s is not a valid context\n"),
 new_context);
+ send_audit_message(0, old_context, new_context, ttyn);
 exit(-1);
 }
 
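Review bot: send_audit_message interpolates old_context and new_context into the audit record verbatim, and the hunk at -715 calls it on a new_context that security_check_context has just rejected, so text that never passed policy validation lands in the `new-context=` field, where an embedded space or quote can split or corrupt the key=value record that audit consumers parse. If the libaudit being targeted provides audit_encode_nv_string, build the message from its encoded output rather than the raw strings; otherwise the comment above the function should state that these values are unvalidated and that consumers must not trust the field boundaries. Separately, the descriptor from `audit_open()` is released with plain `close(audit_fd)`; `audit_close(audit_fd);` pairs with the open call and keeps the code independent of how libaudit represents its handle. The `/* Send audit message */` comment is also thin for a function with a contract: say that it returns 0 when the record was accepted and -1 when the audit system is unreachable, the message cannot be built, or the send fails, that `success` is the record's result flag (1 for a completed role change, 0 for a refused one), and that a NULL context is logged as `?`.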
@@ -873,32 +920,8 @@
 new_context);
 exit(-1);
 }
-#ifdef LOG_AUDIT_PRIV
- /* Send audit message */
- {
- char *msg;
- int rc;
- int audit_fd = audit_open();
- if (audit_fd < 0) {
- fprintf(stderr,
- _("Error connecting to audit system.\n"));
- exit(-1);
- }
- if (asprintf(&msg, "newrole: old-context=%s new-context=%s",
- old_context, new_context) < 0) {
- fprintf(stderr, _("Error allocating memory.\n"));
- exit(-1);
- }
- rc = audit_log_user_message(audit_fd, AUDIT_USER_ROLE_CHANGE,
- msg, NULL, NULL, ttyn, 1);
- if (rc <= 0) {
- fprintf(stderr, _("Error sending audit message.\n"));
- exit(-1);
- }
- free(msg);
- close(audit_fd);
- }
-#endif
+ if (send_audit_message(1, old_context, new_context, ttyn))
+ exit(-1);
 freecon(old_context);
 execv(pw->pw_shell, argv + optind - 1);
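Review bot: The reason a failed audit write aborts the role change deserves a comment at the new `if (send_audit_message(1, old_context, new_context, ttyn))`, because fail-closed here is a policy decision rather than an obvious error path and the old inline block carried no explanation either; e.g. `/* A role change that cannot be audited must not proceed; the failure cause was already reported. */`. The call is also the only unbraced single-statement if in the hunks shown, while the neighbouring error paths use braces; `if (send_audit_message(1, old_context, new_context, ttyn)) { exit(-1); }` keeps the file's style. The enclosing function starts and ends outside the hunk.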