diff --git a/repos/aimee-os/sec-policy/selinux-aimee-os/files/aimee-os.te b/repos/aimee-os/sec-policy/selinux-aimee-os/files/aimee-os.te
index 7fcf7d6..bb4a57c 100644
--- a/repos/aimee-os/sec-policy/selinux-aimee-os/files/aimee-os.te
+++ b/repos/aimee-os/sec-policy/selinux-aimee-os/files/aimee-os.te
@@ -201,3 +201,15 @@ gen_require(`
 ')
 allow ssh_keygen_t var_lib_t:dir rw_dir_perms;
 filetrans_pattern(ssh_keygen_t, var_lib_t, sshd_key_t, file)
+
+# Allow login to execute /bin/busybox (via /bin/sh symlink)
+gen_require(`
+ type local_login_t;
+')
+corecmd_exec_bin(local_login_t)
+
+# Allow root to log in on the serial console
+gen_require(`
+ type sysadm_t;
+')
+init_use_fds(sysadm_t)
diff --git a/yellow/portage/target/etc/portage/patches/sec-policy/selinux-base/0006-Allow-init-to-setattr-on-char-devices.patch b/yellow/portage/target/etc/portage/patches/sec-policy/selinux-base/0006-Allow-init-to-setattr-on-char-devices.patch
new file mode 100644
index 0000000..12c8e84
--- /dev/null
+++ b/yellow/portage/target/etc/portage/patches/sec-policy/selinux-base/0006-Allow-init-to-setattr-on-char-devices.patch
@@ -0,0 +1,25 @@
+From eb787b0e9ad66e719d7eb2d4bc942118a457d0d1 Mon Sep 17 00:00:00 2001
+From: "Dustin C. Hatch"
+Date: Tue, 14 Mar 2023 13:40:23 -0500
+Subject: [PATCH] Allow init to setattr on char devices
+
+This is required for local logins to work.
+---
+ refpolicy/policy/modules/system/init.te | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/refpolicy/policy/modules/system/init.te b/refpolicy/policy/modules/system/init.te
+index 7b44a43..bfa5d4d 100644
+--- a/refpolicy/policy/modules/system/init.te
++++ b/refpolicy/policy/modules/system/init.te
+@@ -385,6 +385,7 @@ ifdef(`init_systemd',`
+ dev_create_urand_dev(init_t)
+ # systemd writes to /dev/watchdog on shutdown
+ dev_write_watchdog(init_t)
++ dev_setattr_all_chr_files(init_t)
+ 
+ domain_read_all_domains_state(init_t)
+ # for starting systemd --user in the right domain:
+-- 
+2.39.0
+
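Review bot: `corecmd_exec_bin(local_login_t)` grants local_login_t `execute_no_trans` on every bin_t executable, not just busybox, so a shell that fails to transition out of login's domain would keep running with login's privileges (the stock locallogin rules presumably key the transition on shell_exec_t, which a busybox /bin/sh → bin_t symlink does not match, which is likely why this was needed). The AVC being fixed is not recorded, so it is hard to tell whether the exec is meant to transition at all; the `init_use_fds(sysadm_t)` line added just below suggests the shell does end up in sysadm_t, in which case the narrower `corecmd_bin_spec_domtrans(local_login_t, sysadm_t)` (or labelling the busybox shell entry point as shell_exec_t) covers the exec without also permitting an untransitioned shell in local_login_t. Please put the denied source/target/permission in the comment, e.g. `# AVC: local_login_t -> bin_t:file execute when busybox login execs /bin/sh`, so the grant can be re-verified later, and consider declaring both types in a single gen_require block instead of two.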
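Review bot: `dev_setattr_all_chr_files(init_t)` lets init chown/chmod every character device node on the system, which is far wider than the login path that "This is required for local logins to work" describes, and the denied target type is not recorded so nobody can later check whether the grant is still needed or could be narrowed. If the denial was on the console or serial tty node handed to getty/login (the likely case for an owner/mode change at login time), the terminal interfaces `term_setattr_console(init_t)` or `term_setattr_unallocated_ttys(init_t)` (if present in this refpolicy revision) would cover it without reaching TPM, hardware RNG, raw memory and every other character device; please add the AVC line to the patch description either way. The `ifdef(\`init_systemd'` block this line is added to starts and ends outside the hunk.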