Index: refpolicy-2.20231119/policy/modules/system/init.te
===================================================================
--- refpolicy-2.20231119.orig/policy/modules/system/init.te
+++ refpolicy-2.20231119/policy/modules/system/init.te
@@ -722,6 +722,7 @@ allow initrc_t self:fifo_file rw_fifo_fi
 
 allow initrc_t initrc_devpts_t:chr_file rw_term_perms;
 term_create_pty(initrc_t, initrc_devpts_t)
+term_watch_reads_unallocated_ttys(initrc_t)
 
 # Going to single user mode
 init_telinit(initrc_t)
@@ -1155,6 +1156,8 @@ ifdef(`init_systemd',`
 	# for logsave in strict configuration
 	fstools_write_log(initrc_t)
 
+	fs_mounton_memory_pressure(initrc_t)
+
 	init_get_all_units_status(initrc_t)
 	init_manage_var_lib_files(initrc_t)
 	init_rw_stream_sockets(initrc_t)
Index: refpolicy-2.20231119/policy/modules/system/init.if
===================================================================
--- refpolicy-2.20231119.orig/policy/modules/system/init.if
+++ refpolicy-2.20231119/policy/modules/system/init.if
@@ -356,6 +356,12 @@ interface(`init_daemon_domain',`
 
 	domtrans_pattern(initrc_t, $2, $1)
 
+	# so new systemd and other mechanisms can set NNP and still execute a domain transition
+	allow initrc_t $1:process2 nnp_transition;
+
+	# for new systemd to redirect output to socket
+	allow $1 initrc_t:unix_stream_socket rw_socket_perms;
+
 	# daemons started from init will
 	# inherit fds from init for the console
 	init_dontaudit_use_fds($1)
@@ -551,6 +557,12 @@ interface(`init_system_domain',`
 
 	domtrans_pattern(initrc_t, $2, $1)
 
+	# so systemd and other mechanisms can set NNP and still execute a domain transition
+	allow initrc_t $1:process2 nnp_transition;
+
+	# for new systemd to redirect output to socket
+	allow $1 initrc_t:unix_stream_socket rw_socket_perms;
+
 	ifdef(`init_systemd',`
 		init_domain($1, $2)
 	')
Index: refpolicy-2.20231119/policy/modules/system/authlogin.if
===================================================================
--- refpolicy-2.20231119.orig/policy/modules/system/authlogin.if
+++ refpolicy-2.20231119/policy/modules/system/authlogin.if
@@ -90,6 +90,7 @@ interface(`auth_use_pam_systemd',`
 	dbus_system_bus_client($1)
 	systemd_connect_machined($1)
 	systemd_dbus_chat_logind($1)
+	systemd_logind_use_fds($1)
 ')
 
 ########################################
Index: refpolicy-2.20231119/policy/modules/services/xserver.te
===================================================================
--- refpolicy-2.20231119.orig/policy/modules/services/xserver.te
+++ refpolicy-2.20231119/policy/modules/services/xserver.te
@@ -584,6 +584,8 @@ optional_policy(`
 	')
 
 	optional_policy(`
+		auth_use_pam_systemd(xdm_t)
+		systemd_dbus_chat_hostnamed(xdm_t)
 		systemd_read_logind_runtime_files(xdm_t)
 	')
 ')
Index: refpolicy-2.20231119/policy/modules/system/systemd.if
===================================================================
--- refpolicy-2.20231119.orig/policy/modules/system/systemd.if
+++ refpolicy-2.20231119/policy/modules/system/systemd.if
@@ -1234,6 +1234,24 @@ interface(`systemd_use_logind_fds',`
 
 ######################################
 ## <summary>
+##   Allow systemd-logind to use fds received from dbus
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`systemd_logind_use_fds',`
+	gen_require(`
+		type systemd_logind_t;
+	')
+
+	allow systemd_logind_t $1:fd use;
+')
+
+######################################
+## <summary>
 ##      Watch logind sessions dirs.
 ## </summary>
 ## <param name="domain">
Index: refpolicy-2.20231119/policy/modules/kernel/filesystem.if
===================================================================
--- refpolicy-2.20231119.orig/policy/modules/kernel/filesystem.if
+++ refpolicy-2.20231119/policy/modules/kernel/filesystem.if
@@ -1254,6 +1254,24 @@ interface(`fs_watch_memory_pressure',`
 
 ########################################
 ## <summary>
+##      Allow mounting a file ovr a memory.pressure file
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Source domain
+##      </summary>
+## </param>
+#
+interface(`fs_mounton_memory_pressure',`
+	gen_require(`
+		type memory_pressure_t;
+	')
+
+	allow $1 memory_pressure_t:file mounton;
+')
+
+########################################
+## <summary>
 ##	Do not audit attempts to read
 ##	dirs on a CIFS or SMB filesystem.
 ## </summary>
