From b676a5de10522c8ed0067fb378c1898b4dc0a141 Mon Sep 17 00:00:00 2001
From: HuaxinLuGitee <1539327763@qq.com>
Date: Tue, 18 Aug 2020 17:04:11 +0800
Subject: [PATCH 1/2] add avc for pam

---
 add-avc-for-pam.patch | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)
 create mode 100644 add-avc-for-pam.patch

diff --git a/add-avc-for-pam.patch b/add-avc-for-pam.patch
new file mode 100644
index 0000000..63e2ad6
--- /dev/null
+++ b/add-avc-for-pam.patch
@@ -0,0 +1,24 @@
+From c94aecd75df0483a088dd30ec3394eabbeaaebb1 Mon Sep 17 00:00:00 2001
+From: HuaxinLuGitee <1539327763@qq.com>
+Date: Tue, 18 Aug 2020 16:50:52 +0800
+Subject: [PATCH] test2
+
+---
+ policy/modules/system/authlogin.te | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/policy/modules/system/authlogin.te b/policy/modules/system/authlogin.te
+index 0b4fec8..2949ac1 100644
+--- a/policy/modules/system/authlogin.te
++++ b/policy/modules/system/authlogin.te
+@@ -568,6 +568,7 @@ corecmd_getattr_all_executables(login_pgm)
+ domain_kill_all_domains(login_pgm)
+ 
+ allow login_pgm self:netlink_kobject_uevent_socket create_socket_perms;
++allow login_pgm self:netlink_selinux_socket create_socket_perms;
+ allow login_pgm self:capability ipc_lock;
+ dontaudit login_pgm self:capability net_admin;
+ allow login_pgm self:process setkeycreate;
+-- 
+1.8.3.1
+
-- 
Gitee


From 33b0c5ad352354f89ba2cfbf4c939718ee5b5b35 Mon Sep 17 00:00:00 2001
From: HuaxinLuGitee <1539327763@qq.com>
Date: Tue, 18 Aug 2020 17:04:11 +0800
Subject: [PATCH 2/2] add avc for pam

	new file:   add-avc-for-pam.patch
	modified:   selinux-policy.spec
---
 add-avc-for-pam.patch | 24 ++++++++++++++++++++++++
 selinux-policy.spec   |  5 ++++-
 2 files changed, 28 insertions(+), 1 deletion(-)
 create mode 100644 add-avc-for-pam.patch

diff --git a/add-avc-for-pam.patch b/add-avc-for-pam.patch
new file mode 100644
index 0000000..63e2ad6
--- /dev/null
+++ b/add-avc-for-pam.patch
@@ -0,0 +1,24 @@
+From c94aecd75df0483a088dd30ec3394eabbeaaebb1 Mon Sep 17 00:00:00 2001
+From: HuaxinLuGitee <1539327763@qq.com>
+Date: Tue, 18 Aug 2020 16:50:52 +0800
+Subject: [PATCH] test2
+
+---
+ policy/modules/system/authlogin.te | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/policy/modules/system/authlogin.te b/policy/modules/system/authlogin.te
+index 0b4fec8..2949ac1 100644
+--- a/policy/modules/system/authlogin.te
++++ b/policy/modules/system/authlogin.te
+@@ -568,6 +568,7 @@ corecmd_getattr_all_executables(login_pgm)
+ domain_kill_all_domains(login_pgm)
+ 
+ allow login_pgm self:netlink_kobject_uevent_socket create_socket_perms;
++allow login_pgm self:netlink_selinux_socket create_socket_perms;
+ allow login_pgm self:capability ipc_lock;
+ dontaudit login_pgm self:capability net_admin;
+ allow login_pgm self:process setkeycreate;
+-- 
+1.8.3.1
+
diff --git a/selinux-policy.spec b/selinux-policy.spec
index ee8b53b..f16f973 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -12,7 +12,7 @@
 Summary: SELinux policy configuration
 Name:    selinux-policy
 Version: 3.14.2
-Release: 55
+Release: 56
 License: GPLv2+
 URL:     https://github.com/fedora-selinux/selinux-policy/
 
@@ -670,6 +670,9 @@ exit 0
 %endif
 
 %changelog
+* Tue Aug 18 2020 luhuaxin <luhuaxin1@huawei.com> - 3.14.2-56
+- add patch add-avc-for-pam.patch
+
 * Mon Jul 20 2020 steven <steven_ygui@163.com> - 3.14.2-55
 - add patch Allow-systemd_logind_t-to-read-fixed-dist-device-BZ-.patch
 
-- 
Gitee