diff --git a/policy/modules/system/init.if b/policy/modules/system/init.if
index d26fe81c2..3f0c2d34d 100644
--- a/policy/modules/system/init.if
+++ b/policy/modules/system/init.if
@@ -415,6 +415,33 @@ interface(`init_ranged_system_domain',`
')
')
+########################################
+##
+## Mark the file type as a daemon run dir, allowing initrc_t
+## to create it
+##
+##
+##
+## Type to mark as a daemon run dir
+##
+##
+##
+##
+## Filename of the directory that the init script creates
+##
+##
+#
+interface(`init_daemon_run_dir',`
+ gen_require(`
+ attribute daemonrundir;
+ type initrc_t;
+ ')
+
+ typeattribute $1 daemonrundir;
+
+ files_pid_filetrans(initrc_t, $1, dir, $2)
+')
+
########################################
##
## Execute init (/sbin/init) with a domain transition.
diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te
index f3c70ffab..933f8461a 100644
--- a/policy/modules/system/init.te
+++ b/policy/modules/system/init.te
@@ -29,6 +29,9 @@ attribute init_run_all_scripts_domain;
# Mark process types as daemons
attribute daemon;
+# Mark file type as a daemon run directory
+attribute daemonrundir;
+
#
# init_t is the domain of the init process.
#
@@ -242,6 +245,9 @@ init_telinit(initrc_t)
can_exec(initrc_t, init_script_file_type)
+create_dirs_pattern(initrc_t, daemonrundir, daemonrundir)
+setattr_dirs_pattern(initrc_t, daemonrundir, daemonrundir)
+
domtrans_pattern(init_run_all_scripts_domain, initrc_exec_t, initrc_t)
manage_dirs_pattern(initrc_t, initrc_state_t, initrc_state_t)