From f14eec646bb7aaef59c4e5a9fa37be21e9797964 Mon Sep 17 00:00:00 2001
From: guoxiaoqi <guoxiaoqi2@huawei.com>
Date: Thu, 4 Jun 2020 20:41:46 +0800
Subject: [PATCH] solve shutdown permission denied caused by dracut

Signed-off-by: guoxiaoqi <guoxiaoqi2@huawei.com>
---
 policy/modules/system/init.te  | 2 ++
 policy/modules/system/lvm.te   | 1 +
 policy/modules/system/mount.te | 1 +
 3 files changed, 4 insertions(+)

diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te
index e3e8b37..73cccdc 100644
--- a/policy/modules/system/init.te
+++ b/policy/modules/system/init.te
@@ -215,6 +215,8 @@ dev_filetrans(init_t, initctl_t, fifo_file)
 # Modify utmp.
 allow init_t initrc_var_run_t:file { rw_file_perms setattr };
 
+allow init_t root_t:dir create;
+
 kernel_read_system_state(init_t)
 kernel_share_state(init_t)
 kernel_stream_connect(init_t)
diff --git a/policy/modules/system/lvm.te b/policy/modules/system/lvm.te
index 99babc9..77fb8f7 100644
--- a/policy/modules/system/lvm.te
+++ b/policy/modules/system/lvm.te
@@ -323,6 +323,7 @@ init_use_fds(lvm_t)
 init_dontaudit_getattr_initctl(lvm_t)
 init_use_script_ptys(lvm_t)
 init_read_script_state(lvm_t)
+init_nnp_daemon_domain(lvm_t)
 
 logging_send_syslog_msg(lvm_t)
 logging_stream_connect_syslog(lvm_t)
diff --git a/policy/modules/system/mount.te b/policy/modules/system/mount.te
index 816066d..e884bf5 100644
--- a/policy/modules/system/mount.te
+++ b/policy/modules/system/mount.te
@@ -186,6 +186,7 @@ init_use_script_ptys(mount_t)
 init_dontaudit_getattr_initctl(mount_t)
 init_stream_connect_script(mount_t)
 init_rw_script_stream_sockets(mount_t)
+init_nnp_daemon_domain(mount_t)
 
 logging_send_syslog_msg(mount_t)
 
-- 
1.8.3.1