Index: Linux-PAM-1.3.0/modules/pam_selinux/pam_selinux.c
===================================================================
--- Linux-PAM-1.3.0.orig/modules/pam_selinux/pam_selinux.c
+++ Linux-PAM-1.3.0/modules/pam_selinux/pam_selinux.c
@@ -63,8 +63,8 @@
 #include
 #include
-#include
-#include
+// #include
+// #include
 #include
 #include
 #include
@@ -554,6 +554,7 @@ static int
 compute_tty_context(const pam_handle_t *pamh, module_data_t *data)
 {
 const char *tty = get_item(pamh, PAM_TTY);
+ security_class_t tclass;
 if (!tty || !*tty || !strcmp(tty, "ssh") || !strncmp(tty, "NODEV", 5)) {
 tty = ttyname(STDIN_FILENO);
@@ -589,8 +590,18 @@ compute_tty_context(const pam_handle_t *
 return (security_getenforce() == 1) ? PAM_SESSION_ERR : PAM_SUCCESS;
 }
+ tclass = string_to_security_class("chr_file");
+ if (tclass == 0) {
+ pam_syslog(pamh, LOG_ERR, "Failed to get chr_file security class");
+ freecon(data->prev_tty_context);
+ data->prev_tty_context = NULL;
+ free(data->tty_path);
+ data->tty_path = NULL;
+ return (security_getenforce() == 1) ? PAM_SESSION_ERR : PAM_SUCCESS;
+ }
+
 if (security_compute_relabel(data->exec_context, data->prev_tty_context,
- SECCLASS_CHR_FILE, &data->tty_context)) {
+ tclass, &data->tty_context)) {
 data->tty_context = NULL;
 pam_syslog(pamh, LOG_ERR, "Failed to compute new context for %s: %m",
 data->tty_path);
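Review bot: The two `#include` lines in the first hunk are commented out with `//` instead of being deleted, which leaves dead code in the include block with no stated reason. The header names are not legible on this page, so this is hedged: if they only supplied `SECCLASS_CHR_FILE`, which the last hunk stops using, I would delete both lines. If a marker is wanted, one comment in their place is enough, for example `/* security classes are looked up at runtime with string_to_security_class() */`.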
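Review bot: The new failure branch in the last hunk ends with `return (security_getenforce() == 1) ? PAM_SESSION_ERR : PAM_SUCCESS;`, so a `security_getenforce()` error return of -1 is treated like permissive mode and the session continues without a relabelled tty. The context line at the top of the hunk uses the same expression, so this repeats an existing pattern, but if failing closed is the intent the test should be `security_getenforce() != 0`. The added log call also omits the error detail that the neighbouring message reports with `%m`; assuming string_to_security_class() sets errno on failure, `"Failed to get chr_file security class: %m"` would make the cause visible in syslog. compute_tty_context starts and ends outside this hunk, so how its caller handles PAM_SUCCESS with `data->tty_path` set to NULL needs to be checked there.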