The message I'm now seeing in /var/log/audit/audit.log :
type=AVC msg=audit(1385112688.399:67769): avc: denied { write } for pid=8218 comm="xauth" name="caw" dev=md1 ino=262145 scontext=unconfined_u:unconfined_r:xauth_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:home_root_t:s0 tclass=dir type=SYSCALL msg=audit(1385112688.399:67769): arch=c000003e syscall=2 success=no exit=-13 a0=7fffdecf5c60 a1=c1 a2=180 a3=8 items=0 ppid=8217 pid=8218 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=9 comm="xauth" exe="/usr/bin/xauth" subj=unconfined_u:unconfined_r:xauth_t:s0-s0:c0.c1023 key=(null)
You may try to add the following rules to your local policy, but do you really need this? It seems like you shouldn't have any problems with non-root accounts.
module local 1.0;
require { type xauth_t; type home_root_t; class dir write; }
#============= xauth_t ============== #!!!! The source type 'xauth_t' can write to a 'dir' of the following types: # user_home_t, xauth_tmp_t, var_lib_t, xdm_var_run_t, admin_home_t, user_home_dir_t, tmp_t, user_tmp_t, nx_server_var_lib_t, nfs_t
allow xauth_t home_root_t:dir write;