Apply direct_initrc to unconfined_r:unconfined_t

Make it consistent with sysadm_r:sysadm_t.

If you build targeted policy then consider direct_initrc=y

If you build with direct_initrc=n then both unconfined_r:unconfined_t,
as well as sysadm_r:sysadm_t rely on run_init for running services on
behalf of the system.

Signed-off-by: Dominick Grift <dominick.grift@gmail.com>

policy/modules/system/unconfined.te

@@ -33,8 +33,6 @@ files_create_boot_flag(unconfined_t)
 mcs_killall(unconfined_t)
 mcs_ptrace_all(unconfined_t)
 
-init_run_daemon(unconfined_t, unconfined_r)
-
 libs_run_ldconfig(unconfined_t, unconfined_r)
 
 logging_send_syslog_msg(unconfined_t)
@@ -49,9 +47,15 @@ unconfined_domain(unconfined_t)
 
 userdom_user_home_dir_filetrans_user_home_content(unconfined_t, { dir file lnk_file fifo_file sock_file })
 
-ifdef(`distro_gentoo',`
-	seutil_run_runinit(unconfined_t, unconfined_r)
-	seutil_init_script_run_runinit(unconfined_t, unconfined_r)
+ifdef(`direct_sysadm_daemon',`
+        optional_policy(`
+                init_run_daemon(unconfined_t, unconfined_r)
+        ')
+',`
+        ifdef(`distro_gentoo',`
+                seutil_run_runinit(unconfined_t, unconfined_r)
+                seutil_init_script_run_runinit(unconfined_t, unconfined_r)
+        ')
 ')
 
 optional_policy(`

policy/users

@@ -29,7 +29,11 @@ gen_user(staff_u, staff, staff_r sysadm_r ifdef(`enable_mls',`secadm_r auditadm_
 gen_user(sysadm_u, sysadm, sysadm_r, s0, s0 - mls_systemhigh, mcs_allcats)
 
 # Until order dependence is fixed for users:
-gen_user(unconfined_u, unconfined, unconfined_r, s0, s0 - mls_systemhigh, mcs_allcats)
+ifdef(`direct_sysadm_daemon',`
+        gen_user(unconfined_u, unconfined, unconfined_r system_r, s0, s0 - mls_systemhigh, mcs_allcats)
+',`
+        gen_user(unconfined_u, unconfined, unconfined_r, s0, s0 - mls_systemhigh, mcs_allcats)
+')
 
 #
 # The following users correspond to Unix identities.