mon policy from Russell Coker.

policy/modules/contrib

@@ -1 +1 @@
-Subproject commit 9483190e1d36b9b4cb911f52471ae496c13892f8
+Subproject commit 66f60b82b146a9c8e2819b45a7f0d5a6a17c257a

policy/modules/kernel/corenetwork.te.in

@@ -1,4 +1,4 @@
-policy_module(corenetwork, 1.23.1)
+policy_module(corenetwork, 1.23.2)
 
 ########################################
 #
@@ -176,6 +176,7 @@ network_port(matahari, tcp,49000,s0, udp,49000,s0)
 network_port(memcache, tcp,11211,s0, udp,11211,s0)
 network_port(milter) # no defined portcon
 network_port(mmcc, tcp,5050,s0, udp,5050,s0)
+network_port(mon, tcp,2583,s0, udp,2583,s0)
 network_port(monit, tcp,2812,s0)
 network_port(monopd, tcp,1234,s0)
 network_port(mountd, tcp,20048,s0, udp,20048,s0)

policy/modules/system/init.if

@@ -1088,11 +1088,21 @@ interface(`init_pid_filetrans',`
 ## </param>
 #
 interface(`init_getattr_initctl',`
-	gen_require(`
+	ifdef(`init_systemd',`
-		type initctl_t;
+		# stat /run/systemd/initctl/fifo
-	')
+		gen_require(`
+			type init_var_run_t;
+		')
 
-	allow $1 initctl_t:fifo_file getattr;
+		allow $1 init_var_run_t:fifo_file getattr;
+		allow $1 init_var_run_t:dir list_dir_perms;
+	',`
+		gen_require(`
+			type initctl_t;
+		')
+
+		allow $1 initctl_t:fifo_file getattr;
+	')
 ')
 
 ########################################

policy/modules/system/init.te

@@ -1,4 +1,4 @@
-policy_module(init, 2.2.1)
+policy_module(init, 2.2.2)
 
 gen_require(`
 	class passwd rootok;