Su patch from Dan Walsh.

dontaudit leaked sockets

policy/modules/admin/su.if

@@ -118,6 +118,11 @@ template(`su_restricted_domain_template', `
 		userdom_spec_domtrans_unpriv_users($1_su_t)
 	')
 
+	ifdef(`hide_broken_symptoms',`
+		# dontaudit leaked sockets from parent
+		dontaudit $1_su_t $2:socket_class_set { read write };
+	')
+
 	optional_policy(`
 		cron_read_pipes($1_su_t)
 	')
@@ -276,6 +281,11 @@ template(`su_role_template',`
 		')
 	')
 
+	ifdef(`hide_broken_symptoms',`
+		# dontaudit leaked sockets from parent
+		dontaudit $1_su_t $3:socket_class_set { read write };
+	')
+
 	tunable_policy(`allow_polyinstantiation',`
 		fs_mount_xattr_fs($1_su_t)
 		fs_unmount_xattr_fs($1_su_t)

policy/modules/admin/su.te

@@ -1,4 +1,4 @@
-policy_module(su, 1.10.0)
+policy_module(su, 1.10.1)
 
 ########################################
 #