add back stray file descriptors dontaudit for rhel4

refpolicy/policy/modules/system/init.if

@@ -32,6 +32,16 @@ interface(`init_domain',`
 	allow init_t $1:fd use;
 	allow $1 init_t:fifo_file rw_file_perms;
 	allow $1 init_t:process sigchld;
+
+	ifdef(`hide_broken_symptoms',`
+		# RHEL4 systems seem to have a stray
+		# fds open from the initrd
+		ifdef(`distro_rhel4',`
+			kernel_dontaudit_use_fd($1)
+			storage_dontaudit_read_fixed_disk($1)
+			files_dontaudit_read_root_file($1)
+		')
+	')
 ')
 
 ########################################
@@ -75,6 +85,16 @@ interface(`init_daemon_domain',`
 		typeattribute $2 direct_init_entry;
 	')
 
+	ifdef(`hide_broken_symptoms',`
+		# RHEL4 systems seem to have a stray
+		# fds open from the initrd
+		ifdef(`distro_rhel4',`
+			kernel_dontaudit_use_fd($1)
+			storage_dontaudit_read_fixed_disk($1)
+			files_dontaudit_read_root_file($1)
+		')
+	')
+
 	ifdef(`targeted_policy',`
 		# this regex is a hack, since it assumes there is a
 		# _t at the end of the domain type.  If there is no _t
@@ -141,6 +161,16 @@ interface(`init_system_domain',`
 	allow $1 initrc_t:fd use;
 	allow $1 initrc_t:fifo_file rw_file_perms;
 	allow $1 initrc_t:process sigchld;
+
+	ifdef(`hide_broken_symptoms',`
+		# RHEL4 systems seem to have a stray
+		# fds open from the initrd
+		ifdef(`distro_rhel4',`
+			kernel_dontaudit_use_fd($1)
+			storage_dontaudit_read_fixed_disk($1)
+			files_dontaudit_read_root_file($1)
+		')
+	')
 ')
 
 ########################################