!20 add avc for pam

Merge pull request !20 from 卢华歆/openEuler-20.03-LTS

add-avc-for-pam.patch

@@ -0,0 +1,24 @@
+From c94aecd75df0483a088dd30ec3394eabbeaaebb1 Mon Sep 17 00:00:00 2001
+From: HuaxinLuGitee <1539327763@qq.com>
+Date: Tue, 18 Aug 2020 16:50:52 +0800
+Subject: [PATCH] test2
+
+---
+ policy/modules/system/authlogin.te | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/policy/modules/system/authlogin.te b/policy/modules/system/authlogin.te
+index 0b4fec8..2949ac1 100644
+--- a/policy/modules/system/authlogin.te
++++ b/policy/modules/system/authlogin.te
+@@ -568,6 +568,7 @@ corecmd_getattr_all_executables(login_pgm)
+ domain_kill_all_domains(login_pgm)
+ 
+ allow login_pgm self:netlink_kobject_uevent_socket create_socket_perms;
++allow login_pgm self:netlink_selinux_socket create_socket_perms;
+ allow login_pgm self:capability ipc_lock;
+ dontaudit login_pgm self:capability net_admin;
+ allow login_pgm self:process setkeycreate;
+-- 
+1.8.3.1
+

selinux-policy.spec

@@ -12,7 +12,7 @@
 Summary: SELinux policy configuration
 Name:    selinux-policy
 Version: 3.14.2
-Release: 55
+Release: 56
 License: GPLv2+
 URL:     https://github.com/fedora-selinux/selinux-policy/
 
@@ -74,6 +74,7 @@ Patch23: allow-systemd-to-mount-unlabeled-filesystemd.patch
 Patch24: fix-selinux-label-for-hostname-digest-list.patch
 Patch25: solve-shutdown-permission-denied-caused-by-dracut.patch
 Patch26: Allow-systemd_logind_t-to-read-fixed-dist-device-BZ-.patch
+Patch27: add-avc-for-pam.patch
 
 BuildArch: noarch
 BuildRequires:  python3 gawk checkpolicy >= %{CHECKPOLICYVER} m4 policycoreutils-devel >= %{POLICYCOREUTILSVER} bzip2 gcc
@@ -670,6 +671,9 @@ exit 0
 %endif
 
 %changelog
+* Tue Aug 18 2020 luhuaxin <luhuaxin1@huawei.com> - 3.14.2-56
+- add patch add-avc-for-pam.patch
+
 * Mon Jul 20 2020 steven <steven_ygui@163.com> - 3.14.2-55
 - add patch Allow-systemd_logind_t-to-read-fixed-dist-device-BZ-.patch