Denial relabeling /run/systemd/private

I am seeing the following denial (in dmesg) during system startup:
[    4.623332] type=1400 audit(1507767947.042:3): avc:  denied  { relabelto } for  pid=1 comm="systemd" name="private" dev="tmpfs" ino=5865 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:init_var_run_t:s0 tclass=sock_file

It appears that systemd is attempting to relablel the socket file /run/systemd/private to init_var_run_t but doesn't have permission.

Updated to create new interface for relabeling of sock_files rather than adding to existing interface

Signed-off-by: Dave Sugar <dsugar@tresys.com>

policy/modules/kernel/files.if

@@ -6737,6 +6737,25 @@ interface(`files_relabel_all_pid_dirs',`
 	relabel_dirs_pattern($1, pidfile, pidfile)
 ')
 
+########################################
+## <summary>
+##	Relabel to/from all var_run (pid) socket files
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain alloed access.
+##	</summary>
+## </param>
+#
+interface(`files_relabel_all_pid_sock_files',`
+	gen_require(`
+		attribute pidfile;
+	')
+
+	relabel_sock_files_pattern($1, pidfile, pidfile)
+')
+
+
 ########################################
 ## <summary>
 ##	Relabel to/from all var_run (pid) files and directories

policy/modules/system/init.te

@@ -320,6 +320,7 @@ ifdef(`init_systemd',`
 	files_mounton_root(init_t)
 	files_search_pids(init_t)
 	files_relabel_all_pids(init_t)
+	files_relabel_all_pid_sock_files(init_t)
 	files_relabelto_etc_runtime_dirs(init_t)
 	files_relabelto_etc_runtime_files(init_t)
 	files_read_all_locks(init_t)