Comment # 2 on bug 1208482 from Johannes Segitz

with this tempfiles.conf the AVC goes away

d /run/cockpit/motd         0640 root root - -
t /run/cockpit/motd - - - - security.selinux=system_u:object_r:etc_t:s0
C /run/cockpit/motd/inactive.motd 0640 root root -
/usr/share/cockpit/motd/inactive.motd
t /run/cockpit/motd/inactive.motd - - - -
security.selinux=system_u:object_r:etc_t:s0
f /run/cockpit/motd/active.motd   0640 root root -
t /run/cockpit/motd/active.motd - - - -
security.selinux=system_u:object_r:etc_t:s0
L+ /run/cockpit/motd/motd - - - - inactive.motd
t /run/cockpit/motd/motd - - - - security.selinux=system_u:object_r:etc_t:s0

The alternative would be just to label the directory and then have transitions
based on the names.

/usr/share/cockpit/motd/update-motd will also need updating for the changed
path