Index: refpolicy-2.20210126/policy/modules/services/ssh.te
===================================================================
--- refpolicy-2.20210126.orig/policy/modules/services/ssh.te
+++ refpolicy-2.20210126/policy/modules/services/ssh.te
@@ -265,9 +265,10 @@ ifdef(`distro_debian',`
 ')
 
 ifdef(`init_systemd',`
+	auth_use_pam_systemd(sshd_t)
 	init_dbus_chat(sshd_t)
-	systemd_dbus_chat_logind(sshd_t)
 	init_rw_stream_sockets(sshd_t)
+	systemd_write_inherited_logind_sessions_pipes(sshd_t)
 ')
 
 tunable_policy(`ssh_sysadm_login',`
@@ -310,11 +311,6 @@ optional_policy(`
 ')
 
 optional_policy(`
-	systemd_write_inherited_logind_sessions_pipes(sshd_t)
-	systemd_dbus_chat_logind(sshd_t)
-')
-
-optional_policy(`
 	xserver_domtrans_xauth(sshd_t)
 	xserver_link_xdm_keys(sshd_t)
 ')
Index: refpolicy-2.20210126/policy/modules/system/authlogin.if
===================================================================
--- refpolicy-2.20210126.orig/policy/modules/system/authlogin.if
+++ refpolicy-2.20210126/policy/modules/system/authlogin.if
@@ -91,6 +91,7 @@ interface(`auth_use_pam',`
 #
 interface(`auth_use_pam_systemd',`
 	dbus_system_bus_client($1)
+	systemd_connect_machined($1)
 	systemd_dbus_chat_logind($1)
 ')
 
Index: refpolicy-2.20210126/policy/modules/system/systemd.te
===================================================================
--- refpolicy-2.20210126.orig/policy/modules/system/systemd.te
+++ refpolicy-2.20210126/policy/modules/system/systemd.te
@@ -151,6 +151,9 @@ type systemd_machined_runtime_t alias sy
 files_runtime_file(systemd_machined_runtime_t)
 init_daemon_runtime_file(systemd_machined_runtime_t, dir, "machines")
 
+type systemd_machined_devpts_t;
+term_login_pty(systemd_machined_devpts_t)
+
 type systemd_modules_load_t;
 type systemd_modules_load_exec_t;
 init_daemon_domain(systemd_modules_load_t, systemd_modules_load_exec_t)
@@ -738,6 +741,8 @@ allow systemd_machined_t systemd_machine
 kernel_read_kernel_sysctls(systemd_machined_t)
 kernel_read_system_state(systemd_machined_t)
 
+dev_getattr_fs(systemd_machined_t)
+
 files_read_etc_files(systemd_machined_t)
 
 fs_getattr_cgroup(systemd_machined_t)
@@ -761,6 +766,10 @@ logging_send_syslog_msg(systemd_machined
 
 seutil_search_default_contexts(systemd_machined_t)
 
+term_create_pty(systemd_machined_t, systemd_machined_devpts_t)
+allow systemd_machined_t systemd_machined_devpts_t:chr_file manage_file_perms;
+term_getattr_pty_fs(systemd_machined_t)
+
 optional_policy(`
 	init_dbus_chat(systemd_machined_t)
 	init_dbus_send_script(systemd_machined_t)
