selinux-policy/backport-Allow-login_pgm-attribute-to-get-attributes-in-proc_.patch

From f2d77890bfcbe5b514c6205f288eeb73fe2225af Mon Sep 17 00:00:00 2001
From: Patrik Koncity <pkoncity@redhat.com>
Date: Fri, 21 Aug 2020 15:48:27 +0200
Reference: https://github.com/fedora-selinux/selinux-policy/commit/f2d77890bfcbe5b514c6205f288eeb73fe2225af
Conflict: NA
Subject: [PATCH] Allow login_pgm attribute to get attributes in proc_t

Allow login_pgm attribute, which contain domain like local_login_t
and cockpit_session_t, get attributes on filesystem /proc.

Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1853730
---
 policy/modules/system/authlogin.te | 1 +
 1 file changed, 1 insertion(+)

diff --git a/policy/modules/system/authlogin.te b/policy/modules/system/authlogin.te
index 6043c45..f3870d3 100644
--- a/policy/modules/system/authlogin.te
+++ b/policy/modules/system/authlogin.te
@@ -607,6 +607,7 @@ auth_filetrans_home_content(login_pgm)
 # needed for afs - https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=253321
 kernel_search_network_sysctl(login_pgm)
 kernel_rw_afs_state(login_pgm)
+kernel_getattr_proc(login_pgm)
 
 tunable_policy(`authlogin_radius',`
 	corenet_udp_bind_all_unreserved_ports(login_pgm)
-- 
1.8.3.1