On this thread, I'm speaking with my manager, and the other admin comes in, ranting about selinux, and that he's going to file a bug against it with RH.... Seems he installed RHEL6, and had the misfortune of having an older Sun keyboard, and may have hit the <caps lock> key when entering the root password... and he couldn't log in. So he rebooted to single user mode, and ran passwd... which sat there for a while, then quit, with no messages. Then he turned off selinux, and passwd worked... so the whole selinux thing was a pointless and irritating exercise.
Of course, if selinux had stopped him from turning enforcing off, he'd have had to reboot from the rescue disk, at the least, and reinstall at the worst.
The bigger question is why selinux when the system is in single user mode, and offline. If someone has console access, and shouldn't have, you have management problems, not o/s security problems.
mark