diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te
index 638723e2d..f1d1853c0 100644
--- a/policy/modules/system/init.te
+++ b/policy/modules/system/init.te
@@ -620,6 +620,10 @@ ifdef(`init_systemd',`
kubernetes_read_config(init_t)
')
+ optional_policy(`
+ locallogin_use_pidfds(init_t)
+ ')
+
optional_policy(`
# var-lib-nfs-rpc_pipefs.mount creates /var/lib/nfs/rpc_pipefs
# if it does not exist
diff --git a/policy/modules/system/locallogin.if b/policy/modules/system/locallogin.if
index 3c558ed3b..296963788 100644
--- a/policy/modules/system/locallogin.if
+++ b/policy/modules/system/locallogin.if
@@ -57,6 +57,24 @@ interface(`locallogin_use_fds',`
allow $1 local_login_t:fd use;
')
+########################################
+##
+## Use PIDFDs from local login.
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`locallogin_use_pidfds',`
+ gen_require(`
+ type local_login_t;
+ ')
+
+ allow $1 local_login_t:fd use;
+')
+
########################################
##
## Do not audit attempts to inherit local login file descriptors.