From Debian package 0.2.20100524-1 Dont audit open of /etc/shadow in auth_domtrans_chkpwd Index: policy/modules/system/authlogin.if =================================================================== --- policy/modules/system/authlogin.if.orig +++ policy/modules/system/authlogin.if @@ -426,7 +426,7 @@ corecmd_search_bin($1) domtrans_pattern($1, chkpwd_exec_t, chkpwd_t) - dontaudit $1 shadow_t:file { getattr read }; + dontaudit $1 shadow_t:file { open getattr read }; auth_domtrans_upd_passwd($1) ')
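Review bot: The widened rule `dontaudit $1 shadow_t:file { open getattr read };` in the -426,7 hunk carries no comment, and the patch description does not say why callers of auth_domtrans_chkpwd are expected to attempt `open` on shadow_t. Please add a short comment above the rule saying that the denial is expected because the caller is meant to reach the shadow file only through the chkpwd_t transition set up by `domtrans_pattern($1, chkpwd_exec_t, chkpwd_t)`. The access is still denied, but with `open` added to the set, no attempt by the calling domain to open, stat or read a shadow_t file produces an AVC record. Anyone investigating direct shadow access from these domains will have to rebuild the policy with dontaudit rules disabled (`semodule -DB`) to see it, which is worth stating in the description.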