From 449da6b4280dec1126e7065ba1dc834a4f84131e Mon Sep 17 00:00:00 2001
From: Lukas Vrabec
Date: Wed, 13 Jul 2016 08:55:29 +0200
Subject: [PATCH] * Wed Jul 13 2016 Lukas Vrabec 3.13.1-202
- Allow systemd_logind_t to start init_t BZ(1355861)
- Add init_start() interface
- Allow sysadm user to run systemd-tmpfiles
- Add interface systemd_tmpfiles_run
---
 docker-selinux.tgz | Bin 4315 -> 4315 bytes
 policy-rawhide-base.patch | 71 +++++++++++++++++++++++++++++++-------
 selinux-policy.spec | 6 ++++
 3 files changed, 64 insertions(+), 13 deletions(-)
diff --git a/docker-selinux.tgz b/docker-selinux.tgz index 192c2eccb57c624f9a267b4881c8ab24b0cdf034..486f14cf54171d546fe65c8d5057577342351eff 100644 GIT binary patch delta 2743 zcmV;o3P|yO(u67N_0uMm;~**zq?o6QT@v^^Z!`*0r) zD6aijK$RuhR#&eRsrCAT{O>ozmne$VW9?10cNUP?7H57Whoj-laI{Go-;(+wU4Qd< z*A-mv-@nDr*B{nl_%iQJcRnc{`hlHl{M4n8I?3O0vZhmYl>*4 zN3Si!sQY{=+C$o`{s_|~jJHv-A=sMp z2ud?*O0!oJY~E`Di2USz3LJ5AqW;%4`pqV9_uJiyN=hvia+tRp%p0-u($pQ&NS%Ga?aj{qEC~$mdt-uSvZro zUkN%DVDvQ14`iK*O`C@@!;akVG$9TE2u{M{q2U|+-Q(G5;};u3FaJAj>>g%o@9_*= zF@M5=^W)Iqvp$@jI{1zKYx>artP`})$?iUd_wgF@RviYP&+P}=kd8rpkYCh;@Pto$OtY!XrV+>5<^%d85B!|DG}TLH23$9~pt% zoescIWlIM@tg?sC#I4M-nZG(_Xz$0RPE7lH0R1q1N56WA;h3gnY%sdOD=(XZmBrNO z$NQenG(8$)pP)xx2=|0#^IT)%UmM-ub9uv4A?9!}hDAI04#IQ=p8|g~LCL4U906j& zf)B#D7rpbo=8R?c6^IRu=^(Q_SS3DP%3~0^B=10+iL2#>aTWg!A-H6#=fb7zUjKd_ ztF`Dm{Uo(f6^2^&?awljmBEM+(6-|>LRkdY53v) zp2jSr4vHOO_}gJtG~R!bWB?nZP197#gcep9^P_+$X6YR$VPe8dq6AMjn}k>0OE}R& zdsAAf(^;OTS{Vtu^KKK}k}R_sagrES^1yooKkGCOAucBtilU5krcKvVDd(VK zveQG$N6O`k2~iJ`N`Gz{tA@Z7U0mjQm67|9OW(u5L+DBKcT#_P=HHA z0+WV7CkP}?WQi9s^6__7Jd}n=UH0ZS_JYqH|ppy z-0$?;>6EgvM*CVvyO1Yp?!k{pQhI9=@gxR5mj$J}l*L=4QC6G(e>jg2Mc$+`4Dk)2rQzNjw1=?I84 zER|L(A?v8gnDDdiJ9=Z13BBon>?vwqB0aTGR4JP>kQCeyrRzR|qv)!x@~)$JF7An; zuI$?u=?gdL8Wf_;s7n+cj#% zh{YUrnh@MtH)(<&73N3bv%#NxDl@A1ZB>?xe}Vm1eU+t(=#7u2NhPrSKq2$~WWRh5 z?A1IvQDOPKOMU+6Ba;PEZirOWO4cS9%( z`8$H0lT?F94lv9?y}&9v{3=D^aG)F%UiYjixJwGQp4UTkP7!+~y$4&DVlBY~H8&U2 zQ8QX#7??<)Rx>wL4In43hU|`81y+|fEWUAvi2Z-tSy@(oCO4woq}5nc3NZqT!@ZZw zaAYo(+lT0pxps9or4Gl(Np;BGBNe+1RqrSFp`cof;vE3!yu3%kvQ% zaL+%1mZtEx)x_5}IDRc8>1x?)Xtz6EF&)!|_gr!MV{0k6&o-&cALJl!GlRyk--tCD9^pvjH#j|zmW+xHSp8+bykI{@~O z!cEH^;^(`<=i{rVPj)*_RZCa1Q2$adSR07yG|KBuXaeCOd#eNtQXN_1jecC&k_nNu zkoGj3lq&N+iO^C|mru2++O>u6_%^_(AC`Zt8mh7d_*J~>XgZFf5QMjFqkfB67*Y0) z75})3<~Rr670|GF=#q9e0T)po#oM&#Y`&s?($&X0t;r77E^!b3g;ykv-hVnCw2!*r zo_ZlR$*7ZCFdN$v&vDGVv}T?-LbTaFKfmc!d{=WwVb5Ka_fBZl*waoyqVjr!L`r{w zJ5+o{P15JVx~$Q^mt5`Z6Co9&wubpq7dPqANQ-24WOVUdP{BhHVW=UAuplDkg{H<} 
zY#-JffLvThC51RnS#*fo3ey&U!B<<>py|by%|w89-oU=8@%*!Sor~QV~TA7%FGc{+Zhp4H#kLT@2sG z!Wr7#WrU??O2M(@QP&9Hu;oy1v1+q1Td}3w_*)`FrCp*ha(3;L$u_e9O2>btE-WJ{ zqASSSswDSrq2ALNIzSqEyTscte5Q0Ts{fejU}*2j)5DPm4x>gv#}B5)&r$S3-*%6L z?0kWy^Co~bg^^=bbyR(r3CUPZJCZV0bYHtP{{P|z{JuH8D1ac;K*5*e3VZ{1IKA^JNlj0j9mkq5iS7~u60Tzo_ zuco2M*O3v$0(n)GcV*V(I!m$X>#?;+zu_Oqnyxb=Sm;0i7(D`*{Cio)o9U&{TRID| z=QkNT2NajteLM?K)=--$n+JgSwEq&bX|u3Y9OqKo_SJttyySnX>rqhAFFOJ-pb69P x8~%N=`FLM@cRXFE>vSKTuG4k8PS@!=U8n1Govzb$y8bt={{qBq?G6BV000fLX!-yE delta 2743 zcmV;o3P|yO(u67N_0uMm;~**zq?n`|DyrtRU--iP~e zKymHI0;(+0wz_(qNUhfwH3?; zyRP7R|Nbq0zW(s;%KU`u&AaRC>u+Aa`SAAY!}ZlWqr&PSvG3=(?{GssXPIX<{{Mo^~axss;rql�uS5zuHjSW`qR zJ$k*tfrWe-tfPz)n2BYcUG{~a^d%9=%OZaircfc;McwC1(H_!f^+%W{VZ4os4Z+r& zM^KtkQ=&B-B3qiSlH|c#XVNo5etFaw)_fDAih9|15kB_sjnC2_dYHpAyp3+w{jAe! ziQG7@5L|q2j#%Aw=Ag2(_$hA6^OCa;p~c-MFhq~?Hy>(0$KcA62)<06Je+l!dpv)< zEBg@P%xt#RFs}@Gzz>swH})CUw8H{FEhZ#z$lkqTj&z5~*!M5p{5G8h)5%AvY=ORc z)~B-g+fznyXvp?wR*S`;55M}Vrb`p&nKo&nVCADM5GE7uNAlQFI(C#~>l^TRqE(uu zY#)3I;%&Jrg4-0#*c!e8!kQA6CP9CGTa-yq5GK-r{2PRpy260psG}WVvNb?rHqF%= zSU#0rtw{#^Q-5{6N;3*tB^lGwjIyP7~q)fZ!x79vZ&E-#wn4Hh!@o^zy&c#_nOZ_8!l` z74s(?I6n>zKI_Bjse|9xzork}&pJW-ob2vXcptAZZ`EP&`P_b>O`aR2$)e5^3@!r{ zX*}0;nYV@%&EGT`^3A&YYpQUA7r04|B(^M z-RS@fRkm~h#43CEOx(&WoB69_hW373>cq6K2hb1Gcl4`=7>;RL#s;Gcyz;UsSXoSc ze!TDLOw*$=_6d6Ag>X+;HqSLC{Y&&mhQA$VMdN=hNd~Yn+B8j-OlV<+F+U23VwT>45+)|RBuemfvq^Z>y@V4j zv^S-tI-TWds+EzjJMT8pEy*&Q5hsaJB@ete@Uu?i5aM!Tp(r{E(H~&mY1(u>m2wU$ zCObW}e572ym=N_4sr2WTv1$lR(Zyw+R~fkvx%52@JcOP!eGULB|-_o=1wHFVbS9f-EQi#sruc@X5mNCeV(PotwkV@bEA$P z!~IUbolYq$YqYO*v>^b6HTjOIf@%8fE2*JwxzSl5%H)$aiE^ zDS*+$TkvMn8Cri^7=>%a(Q~>nNjel@iZFNsl8*nA(%4v1o}5en6WNJ%?u+UIoQ{A< z!%}Ir60(k(j0r#MzN0rLnb4aK$eyC+CDKz1MU}EC14+RRQM&FUIEt?7D(^aq=i;6i z>dL-tk-l()u0bKnjJibO;Ycfn2P<<}@XrU`2~G0n#`u5n_wsp=-N&Ma6OW5Vv#CiG zhgi%}rwPHWb(1FeQDJ@*J{$bGr!u38-&SSG_!roJ)mK@nh~D^Unp6VI4-_)*Pxj0A zz+TOx6BU*ppXd-Cew};_#5T+CchZsWe54{34@)4fp;VUtbWreQz1QlbGqb;5a_ 
zn9cn(kd%LID}P-Aayi#+{5VG3k2w7?mU+x19hTO(`JI}L@P+Qu3Lf8LUAo+!e>a4( zkiR3?IY~8$>{l4hPCX;dRfNg1e+(>v=sy=M=F=(tEIVDb^A^P;+xJ z9W|o`hJlF$YBh61)c|thYRK-mRbX{#!{Qrvh}eI>ot0(fXL2LTOaINW== z3`gctxqXNpnQK>fQ|fShoK%P0JyNmTQ1yOtA4;kcl6V^n_(w_H)Tt4oxDdJnw>%%Q z0r&h9XlV+6TTOgzgX7milCGA$hIYHt71J?Yc+VB5Kem>F`)o6PIsS)owhicIw(9z9 zJT8AkcT7hEY;O|i_KM~A_I;)2z|$QvZ`s-Y@dfM3O{j;7-%3PE_=HtM&Cg%M@% zSn-dmXpVF6T>%Y?hc0Pn6L1mbQM^ry&gLuXCtZE4)0*sH?GpFkUwB2*=>4bTLHno+ z?x`1IlZ-mK1+%d&@f^pzOKawdBSf3+^Yfct#dkG_6!zRzdGCZ)jXmuYBr2~rNTh!h zxI@KP)Fgc#tjikxd&$+lJ`qweYHOG;b#ap(jkHK+M@ARV1rypP- z3jW$+8~%9%JjV+RJ>S`hEkh#5kpTooW*%7{8BCv%EfrD3fT400?Vq_#(SQ*)-o@~3 zES#a;T}D`XrW71Y9(9fI4OnQSu)pmcv+>cTRT zBD#XCtx9t57V15Xp#!9mw@bVY!)Hndqxz4T4uvo<&K4f z!rhumv|+Gru-K6mBEru7&{>L2UyrRt`VId;)^wd2!9oWDz~~XcvWy2)Ahe`{TBemQC|Rf0001hbxi;O diff --git a/policy-rawhide-base.patch b/policy-rawhide-base.patch index 671a9491..097cf35c 100644 --- a/policy-rawhide-base.patch +++ b/policy-rawhide-base.patch @@ -25374,7 +25374,7 @@ index ff92430..36740ea 100644 ## ## Execute a generic bin program in the sysadm domain. diff --git a/policy/modules/roles/sysadm.te b/policy/modules/roles/sysadm.te -index 2522ca6..fe03d6d 100644 +index 2522ca6..a23a472 100644 --- a/policy/modules/roles/sysadm.te +++ b/policy/modules/roles/sysadm.te @@ -5,39 +5,88 @@ policy_module(sysadm, 2.6.1) @@ -25807,7 +25807,7 @@ index 2522ca6..fe03d6d 100644 ') optional_policy(` -@@ -345,30 +490,37 @@ optional_policy(` +@@ -345,30 +490,38 @@ optional_policy(` ') optional_policy(` @@ -25820,6 +25820,7 @@ index 2522ca6..fe03d6d 100644 + systemd_login_reboot(sysadm_t) + systemd_login_halt(sysadm_t) + systemd_login_undefined(sysadm_t) ++ systemd_tmpfiles_run(sysadm_t, sysadm_r) ') optional_policy(` @@ -25854,7 +25855,7 @@ index 2522ca6..fe03d6d 100644 ') optional_policy(` -@@ -380,10 +532,6 @@ optional_policy(` +@@ -380,10 +533,6 @@ optional_policy(` ') optional_policy(` 
@@ -25865,7 +25866,7 @@ index 2522ca6..fe03d6d 100644 usermanage_run_admin_passwd(sysadm_t, sysadm_r) usermanage_run_groupadd(sysadm_t, sysadm_r) usermanage_run_useradd(sysadm_t, sysadm_r) -@@ -391,6 +539,9 @@ optional_policy(` +@@ -391,6 +540,9 @@ optional_policy(` optional_policy(` virt_stream_connect(sysadm_t) @@ -25875,7 +25876,7 @@ index 2522ca6..fe03d6d 100644 ') optional_policy(` -@@ -398,31 +549,34 @@ optional_policy(` +@@ -398,31 +550,34 @@ optional_policy(` ') optional_policy(` @@ -25916,7 +25917,7 @@ index 2522ca6..fe03d6d 100644 auth_role(sysadm_r, sysadm_t) ') -@@ -435,10 +589,6 @@ ifndef(`distro_redhat',` +@@ -435,10 +590,6 @@ ifndef(`distro_redhat',` ') optional_policy(` @@ -25927,7 +25928,7 @@ index 2522ca6..fe03d6d 100644 dbus_role_template(sysadm, sysadm_r, sysadm_t) optional_policy(` -@@ -459,15 +609,79 @@ ifndef(`distro_redhat',` +@@ -459,15 +610,79 @@ ifndef(`distro_redhat',` ') optional_policy(` @@ -35258,7 +35259,7 @@ index bc0ffc8..37b8ea5 100644 ') +/var/run/systemd(/.*)? gen_context(system_u:object_r:init_var_run_t,s0) diff --git a/policy/modules/system/init.if b/policy/modules/system/init.if -index 79a45f6..e176b9f 100644 +index 79a45f6..9926eaf 100644 --- a/policy/modules/system/init.if +++ b/policy/modules/system/init.if @@ -1,5 +1,21 @@ @@ -36301,7 +36302,7 @@ index 79a45f6..e176b9f 100644 ') ######################################## -@@ -1806,37 +2294,672 @@ interface(`init_pid_filetrans_utmp',` +@@ -1806,37 +2294,690 @@ interface(`init_pid_filetrans_utmp',` files_pid_filetrans($1, initrc_var_run_t, file, "utmp") ') @@ -36729,6 +36730,24 @@ index 79a45f6..e176b9f 100644 + +######################################## +## ++## Start system from init ++## ++## ++## ++## Domain allowed access. ++## ++## ++# ++interface(`init_start',` ++ gen_require(` ++ type init_t; ++ ') ++ ++ allow $1 init_t:system start; ++') ++ ++######################################## ++## +## Tell init to reboot the system. +## +## 
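Review bot: The summary of the new `init_start` interface, `## Start system from init`, does not describe what the body grants: `allow $1 init_t:system start;` lets the caller ask init to start units, it does not start "the system". Suggest `## Allow the domain to request that init (systemd) start units (init_t:system start).` as the summary, plus a description sentence noting that, as far as I can tell, this `system` class permission is checked against init's own context rather than against a particular unit's label, so a caller such as the later `init_start(systemd_logind_t)` in systemd.te receives a start capability that is not scoped to one service. Spelling that out in the interface doc lets future callers weigh the grant rather than treating it as a narrow fix for the referenced bug.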
@@ -46795,10 +46814,10 @@ index 0000000..8b77d7a +/var/run/initramfs(/.*)? <> diff --git a/policy/modules/system/systemd.if b/policy/modules/system/systemd.if new file mode 100644 -index 0000000..513b97b +index 0000000..16cd1ac --- /dev/null +++ b/policy/modules/system/systemd.if -@@ -0,0 +1,1738 @@ +@@ -0,0 +1,1763 @@ +## SELinux policy for systemd components + +###################################### @@ -47405,6 +47424,31 @@ index 0000000..513b97b + +######################################## +## ++## Execute systemd-tmpfiles in the systemd_tmpfiles_t domain, and ++## allow the specified role the systemd_tmpfiles domain. ++## ++## ++## ++## Domain allowed access ++## ++## ++## ++## ++## The role to be allowed the systemd_tmpfiles domain. ++## ++## ++# ++interface(`systemd_tmpfiles_run',` ++ gen_require(` ++ type systemd_tmpfiles_t; ++ ') ++ ++ systemd_passwd_agent_domtrans($1) ++ role $2 types systemd_tmpfiles_t; ++') ++ ++######################################## ++## +## Role access for systemd_passwd_agent +## +## @@ -48539,10 +48583,10 @@ index 0000000..513b97b +') diff --git a/policy/modules/system/systemd.te b/policy/modules/system/systemd.te new file mode 100644 -index 0000000..7877160 +index 0000000..180e701 --- /dev/null +++ b/policy/modules/system/systemd.te -@@ -0,0 +1,957 @@ +@@ -0,0 +1,958 @@ +policy_module(systemd, 1.0.0) + +####################################### @@ -48770,6 +48814,7 @@ index 0000000..7877160 +init_named_pid_filetrans(systemd_logind_t, systemd_logind_inhibit_var_run_t, dir, "inhibit") + +init_status(systemd_logind_t) ++init_start(systemd_logind_t) +init_signal(systemd_logind_t) +init_reboot(systemd_logind_t) +init_halt(systemd_logind_t) diff --git a/selinux-policy.spec b/selinux-policy.spec index 2a756761..7b0f931c 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec 
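Review bot: `systemd_tmpfiles_run` in the systemd.if hunk calls `systemd_passwd_agent_domtrans($1)` but then does `role $2 types systemd_tmpfiles_t;`, so the interface sets up a transition into the passwd-agent domain and a role authorization for a domain the caller never enters. The call added earlier in this patch, `systemd_tmpfiles_run(sysadm_t, sysadm_r)` in sysadm.te, will therefore not let sysadm run systemd-tmpfiles in `systemd_tmpfiles_t`, and (unless sysadm already has it) adds an unintended transition into the passwd-agent domain instead. The domtrans line should target the tmpfiles domain, e.g. `domtrans_pattern($1, <systemd-tmpfiles exec type>, systemd_tmpfiles_t)` with that exec type added to the `gen_require`, or this file's tmpfiles domtrans interface if one exists outside the visible hunk. The summary already promises "Execute systemd-tmpfiles in the systemd_tmpfiles_t domain", so only the body needs to change for doc and behaviour to agree.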
@@ -648,6 +648,12 @@ exit 0
 %endif
 %changelog
+* Wed Jul 13 2016 Lukas Vrabec 3.13.1-202
+- Allow systemd_logind_t to start init_t BZ(1355861)
+- Add init_start() interface
+- Allow sysadm user to run systemd-tmpfiles
+- Add interface systemd_tmpfiles_run
+
 * Mon Jul 11 2016 Lukas Vrabec 3.13.1-201
 - Allow lttng tools to block suspending
 - Allow creation of vpnaas in openstack