From 30ea630d9d30aad60e9ef686eb6987f3c5b1c39e Mon Sep 17 00:00:00 2001
From: Kenton Groombridge <me@concord.sh>
Date: Tue, 9 Nov 2021 19:51:33 -0500
Subject: [PATCH] init: allow systemd to nnp_transition and nosuid_transition
 to daemon domains

Signed-off-by: Kenton Groombridge <me@concord.sh>
---
 policy/modules/system/init.if | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/policy/modules/system/init.if b/policy/modules/system/init.if
index 3c7e9d8db..003971123 100644
--- a/policy/modules/system/init.if
+++ b/policy/modules/system/init.if
@@ -376,6 +376,8 @@ interface(`init_daemon_domain',`
 
 		allow $1 init_t:unix_dgram_socket sendto;
 
+		allow init_t $1:process2 { nnp_transition nosuid_transition };
+
 		optional_policy(`
 			systemd_stream_connect_socket_proxyd($1)
 		')