diff --git a/policy/modules/kernel/kernel.if b/policy/modules/kernel/kernel.if
index ebd73aca9..18002e67d 100644
--- a/policy/modules/kernel/kernel.if
+++ b/policy/modules/kernel/kernel.if
@@ -365,6 +365,24 @@ interface(`kernel_dgram_send',`
allow $1 kernel_t:unix_dgram_socket sendto;
')
+########################################
+##
+## Send messages to kernel netlink audit sockets.
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`kernel_rw_netlink_audit_sockets',`
+ gen_require(`
+ type kernel_t;
+ ')
+
+ allow $1 kernel_t:netlink_audit_socket { rw_netlink_socket_perms };
+')
+
########################################
##
## Allows caller to load kernel modules
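Review bot: The summary of the new `kernel_rw_netlink_audit_sockets` block reads "Send messages to kernel netlink audit sockets", but the `allow` line grants `rw_netlink_socket_perms`, a read-and-write set, so the documentation understates what a caller receives; suggest `## Read and write kernel netlink audit sockets.` so the summary matches both the interface name and the rule. If `rw_netlink_socket_perms` expands to include `nlmsg_write` as the other rw_netlink sets in refpolicy do, callers also get the permission the kernel checks on audit configuration requests, which is worth one sentence in the description so that domains that only need to receive audit records can ask for a narrower interface. The `##` lines between the summary and the `#` appear to have lost their `<summary>`/`<param name="domain">` XML tags; if that is only a rendering artefact it can be ignored, otherwise the refpolicy documentation tooling needs them.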
diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te
index 4734a9510..2f88c551e 100644
--- a/policy/modules/system/init.te
+++ b/policy/modules/system/init.te
@@ -312,6 +312,8 @@ ifdef(`init_systemd',`
kernel_setsched(init_t)
kernel_link_key(init_t)
kernel_rw_unix_sysctls(init_t)
+ kernel_rw_stream_sockets(init_t)
+ kernel_rw_unix_dgram_sockets(init_t)
# run systemd misc initializations
# in the initrc_t domain, as would be
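Review bot: The two new calls `kernel_rw_stream_sockets(init_t)` and `kernel_rw_unix_dgram_sockets(init_t)` carry no comment saying why init_t now needs read/write access to sockets labelled kernel_t, whereas the `kernel_dgram_send(initrc_t)` addition in the next hunk of this file is annotated. Presumably these are sockets created before the policy was loaded (the logging.te hunk in this commit refers to the systemd-initrd case); if so, state it above the calls, e.g. `# sockets created before policy load (systemd initrd) are labelled kernel_t`. The next hunk's comment `# Access to notify socket for services with Type=notify` would likewise benefit from saying why that socket is kernel_t rather than init_t. The enclosing ifdef(`init_systemd' block starts and ends outside the hunk.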
@@ -1028,6 +1030,9 @@ ifdef(`init_systemd',`
allow initrc_t systemdunit:service reload;
allow initrc_t init_script_file_type:service { stop start status reload };
+ # Access to notify socket for services with Type=notify
+ kernel_dgram_send(initrc_t)
+
# run systemd misc initializations
# in the initrc_t domain, as would be
# done in traditional sysvinit/upstart.
diff --git a/policy/modules/system/logging.if b/policy/modules/system/logging.if
index 8a0b2ce0a..10dee6563 100644
--- a/policy/modules/system/logging.if
+++ b/policy/modules/system/logging.if
@@ -681,10 +681,9 @@ interface(`logging_send_syslog_msg',`
# Allow systemd-journald to check whether the process died
allow syslogd_t $1:process signull;
- ifdef(`distro_redhat',`
- kernel_dgram_send($1)
- ')
+ kernel_dgram_send($1)
')
+
')
########################################
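Review bot: Removing the ifdef(`distro_redhat' guard makes `kernel_dgram_send($1)` unconditional for every caller of `logging_send_syslog_msg`, so on every systemd build each domain that logs gains `sendto` on `kernel_t:unix_dgram_socket` (the rule shown at the top of the kernel.if hunk), and nothing in the hunk records why this stopped being Red Hat specific. A one-line comment above the call, e.g. `# the syslog socket may be labelled kernel_t when created before policy load`, adjusted to the real reason, would make the widening reviewable later. The blank line added before the closing `')` looks like a stray whitespace change. `logging_send_syslog_msg` starts outside the hunk, and the call presumably sits inside its init_systemd branch.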
diff --git a/policy/modules/system/logging.te b/policy/modules/system/logging.te
index 2f16b24eb..3907809f1 100644
--- a/policy/modules/system/logging.te
+++ b/policy/modules/system/logging.te
@@ -501,9 +501,6 @@ auth_use_nsswitch(syslogd_t)
init_use_fds(syslogd_t)
-# cjp: this doesnt make sense
-logging_send_syslog_msg(syslogd_t)
-
miscfiles_read_localization(syslogd_t)
seutil_read_config(syslogd_t)
@@ -525,6 +522,7 @@ ifdef(`init_systemd',`
kernel_read_ring_buffer(syslogd_t)
kernel_rw_stream_sockets(syslogd_t)
kernel_rw_unix_dgram_sockets(syslogd_t)
+ kernel_rw_netlink_audit_sockets(syslogd_t)
kernel_use_fds(syslogd_t)
dev_read_kmsg(syslogd_t)
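Review bot: `kernel_rw_netlink_audit_sockets(syslogd_t)` is added without a comment, and it is the one new grant in this block whose reason is not apparent from its neighbours: journald does consume audit records, but an audit netlink socket labelled kernel_t rather than syslogd_t or init_t suggests the socket was created before policy load, which is worth stating, e.g. `# audit netlink socket inherited from the initrd is labelled kernel_t`. If journald only receives records over this socket, consider whether a read-only variant of the interface would suffice, since the rw permission set also grants write. The enclosing ifdef(`init_systemd' block starts and ends outside the hunk.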
@@ -544,6 +542,9 @@ ifdef(`init_systemd',`
init_read_runtime_symlinks(syslogd_t)
init_read_state(syslogd_t)
+ # needed for systemd-initrd case when syslog socket is unlabelled
+ logging_send_syslog_msg(syslogd_t)
+
systemd_manage_journal_files(syslogd_t)
udev_read_runtime_files(syslogd_t)
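Review bot: The comment `# needed for systemd-initrd case when syslog socket is unlabelled` says "unlabelled", but what `logging_send_syslog_msg` grants after the logging.if change in this commit is `kernel_dgram_send`, i.e. sendto on a socket labelled `kernel_t`; an object with no label would be `unlabeled_t` and would need a different rule entirely. Suggest `# systemd-initrd: the syslog socket is created before policy load and carries the kernel_t label`, assuming that is the scenario. This does replace the removed `cjp: this doesnt make sense` remark with a concrete rationale, which is an improvement.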