selinux-policy/allow-local_login_t-read-shadow.patch

Index: serefpolicy-3.12.1/policy/modules/system/locallogin.te
===================================================================
--- serefpolicy-3.12.1.orig/policy/modules/system/locallogin.te	2013-10-23 11:44:16.815098321 +0200
+++ serefpolicy-3.12.1/policy/modules/system/locallogin.te	2013-10-23 11:44:16.848098676 +0200
@@ -126,6 +126,7 @@ term_setattr_unallocated_ttys(local_logi
 term_relabel_all_ptys(local_login_t)
 term_setattr_generic_ptys(local_login_t)
 
+auth_read_shadow(local_login_t)
 auth_rw_login_records(local_login_t)
 auth_rw_faillog(local_login_t)
 auth_manage_pam_console_data(local_login_t)