From 6943686200569aca05d85712917abbfc03db21d0 Mon Sep 17 00:00:00 2001
From: Patrik Koncity
Date: Fri, 30 Oct 2020 13:03:17 +0100
Subject: [PATCH] Allow for confined users acces to wtmp

Allow for confined users screen acess to wtmp, via interface application_exec() and auth_rw_login_records(). Macro application_exec() allow execute application executables in the caller domain. Interface auth_rw_login_records() allow read and write login records.
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1767745
---
 screen.if | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/screen.if b/screen.if
index 28fdc301aa..5773970fd1 100644
--- a/screen.if
+++ b/screen.if
@@ -81,8 +81,11 @@ template(`screen_role_template',`
 corecmd_shell_domtrans($1_screen_t, $3)
 corecmd_bin_domtrans($1_screen_t, $3)
+ application_exec($1_screen_t)
+
 auth_domtrans_chk_passwd($1_screen_t)
 auth_use_nsswitch($1_screen_t)
+ auth_rw_login_records($1_screen_t)
 logging_send_syslog_msg($1_screen_t)
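Review bot: `auth_rw_login_records($1_screen_t)` gives every confined user's screen domain read and write access to the login records, which is broader than the description's "access to wtmp" justifies and allows those domains to modify existing entries that auditing depends on. If the denials in the referenced Bugzilla only show screen adding session records, the narrower `auth_append_login_records($1_screen_t)` would probably be enough; this needs checking against the logged AVC denials. `application_exec($1_screen_t)` also runs application executables in the screen domain itself rather than transitioning, so they inherit the new access, and a comment such as `# screen records sessions in wtmp (rhbz#1767745)` above the added lines would record why both rules are needed. The body of `screen_role_template` starts and ends outside the hunk, so rules not visible here may already constrain this.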