From b6c39bf0f2d0718af4a0164756c89a889f8faeb1 Mon Sep 17 00:00:00 2001
From: Kenton Groombridge
Date: Mon, 23 Dec 2024 14:16:24 -0500
Subject: [PATCH] init: allow init to write inherited logind sessions

type=AVC msg=audit(1734981065.899:133759): avc: denied { use } for pid=1867652 comm="(systemd)" path="/run/systemd/sessions/5.ref" dev="tmpfs" ino=324155 scontext=system_u:system_r:init_t:s0 tcontext=system_u:system_r:systemd_logind_t:s0 tclass=fd permissive=0
type=AVC msg=audit(1735002704.149:185356): avc: denied { write } for pid=2343491 comm="(systemd)" path="/run/systemd/sessions/7.ref" dev="tmpfs" ino=352653 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:systemd_sessions_runtime_t:s0 tclass=fifo_file permissive=0

Signed-off-by: Kenton Groombridge
---
 policy/modules/system/init.te | 1 +
 1 file changed, 1 insertion(+)

diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te
index e724c295ed..69d0e28523 100644
--- a/policy/modules/system/init.te
+++ b/policy/modules/system/init.te
@@ -543,6 +543,7 @@ ifdef(`init_systemd',`
 systemd_relabelto_journal_dirs(init_t)
 systemd_relabelto_journal_files(init_t)
 systemd_rw_networkd_netlink_route_sockets(init_t)
+ systemd_write_inherited_logind_sessions_pipes(init_t)
 systemd_manage_userdb_runtime_sock_files(init_t)
 systemd_manage_userdb_runtime_dirs(init_t)
 systemd_manage_userdb_runtime_symlinks(init_t)
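Review bot: The added `systemd_write_inherited_logind_sessions_pipes(init_t)` call carries no comment saying why init_t needs it, and the reason is only recoverable from the commit message. Both quoted denials come from comm="(systemd)" with scontext init_t: an fd `use` against `systemd_logind_t` and a `write` on a `systemd_sessions_runtime_t` fifo_file under /run/systemd/sessions, which looks like a forked child holding an inherited session fifo rather than init opening it itself. A line above the call such as `# (systemd) children inherit the logind session fifo: fd use + fifo_file write` would keep that rationale next to the rule. Since init_t is a highly privileged domain and the interface body is not part of this patch, it is also worth confirming in systemd.if that it grants no more than those two permissions. The ifdef init_systemd block starts and ends outside the hunk.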