commit fc0e3304732a9aaff1487833342d5fc8ea26ce04
Author: Ludwig Nussel <ludwig.nussel@suse.de>
Date:   Fri Aug 6 15:11:23 2021 +0200

    selinux: allow login to read motd file

diff --git a/selinux/cockpit.te b/selinux/cockpit.te
index 73242aaa1..72db3c1dc 100644
--- a/selinux/cockpit.te
+++ b/selinux/cockpit.te
@@ -181,3 +181,11 @@ optional_policy(`
 optional_policy(`
 	unconfined_domtrans(cockpit_session_t)
 ')
+
+# login may read motd file through pam
+optional_policy(`
+    gen_require(`
+        type local_login_t;
+    ')
+    cockpit_read_pid_files(local_login_t)
+')