Created attachment 364623 [details]
Generated from a recent rawhide.
Description of problem:
Boot into single user mode with selinux enforcing, run passwd.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
2. append 'single' to the kernel params
3. run passwd
passwd generates a denial (see attached)
Should prompt for a new root password.
Fixed in selinux-policy-3.6.32-26.fc12.noarch
Looks like passwd_t needs to read the console for this to work.