Label systemd files in init module

policy/modules/system/init.fc

@@ -25,6 +25,7 @@ ifdef(`distro_gentoo',`
 ifdef(`distro_gentoo', `
 /lib/rc/init\.d(/.*)?		gen_context(system_u:object_r:initrc_state_t,s0)
 ')
+/lib/systemd/systemd	--	gen_context(system_u:object_r:init_exec_t,s0)
 
 #
 # /sbin
@@ -42,6 +43,8 @@ ifdef(`distro_gentoo', `
 #
 /usr/bin/sepg_ctl	--	gen_context(system_u:object_r:initrc_exec_t,s0)
 
+/usr/lib/systemd/systemd --	gen_context(system_u:object_r:init_exec_t,s0)
+
 /usr/libexec/dcc/start-.* --	gen_context(system_u:object_r:initrc_exec_t,s0)
 /usr/libexec/dcc/stop-.* --	gen_context(system_u:object_r:initrc_exec_t,s0)
 
@@ -51,11 +54,14 @@ ifdef(`distro_gentoo', `
 #
 # /var
 #
+/var/lib/systemd(/.*)?		gen_context(system_u:object_r:init_var_lib_t,s0)
+
 /var/run/initctl	-p	gen_context(system_u:object_r:initctl_t,s0)
 /var/run/utmp		--	gen_context(system_u:object_r:initrc_var_run_t,s0)
 /var/run/runlevel\.dir		gen_context(system_u:object_r:initrc_var_run_t,s0)
 /var/run/random-seed	--	gen_context(system_u:object_r:initrc_var_run_t,s0)
 /var/run/setmixer_flag	--	gen_context(system_u:object_r:initrc_var_run_t,s0)
+/var/run/systemd(/.*)?		gen_context(system_u:object_r:init_var_run_t,s0)
 
 ifdef(`distro_debian',`
 /var/run/hotkey-setup	--	gen_context(system_u:object_r:initrc_var_run_t,s0)

policy/modules/system/init.te

@@ -40,11 +40,17 @@ kernel_domtrans_to(init_t, init_exec_t)
 role system_r types init_t;
 
 #
-# init_var_run_t is the type for /var/run/shutdown.pid.
+# init_var_run_t is the type for /var/run/shutdown.pid and /var/run/systemd.
 #
 type init_var_run_t;
 files_pid_file(init_var_run_t)
 
+#
+# init_var_lib_t is the type for /var/lib/systemd.
+#
+type init_var_lib_t;
+files_type(init_var_lib_t)
+
 #
 # initctl_t is the type of the named pipe created
 # by init during initialization.  This pipe is used