Index: refpolicy-2.20210130/policy/modules/system/init.if
===================================================================
--- refpolicy-2.20210130.orig/policy/modules/system/init.if
+++ refpolicy-2.20210130/policy/modules/system/init.if
@@ -178,7 +178,11 @@ interface(`init_domain',`
 
 	role system_r types $1;
 
-	domtrans_pattern(init_t, $2, $1)
+	ifdef(`init_systemd', `
+		domtrans_pattern(init_t, $2, $1)
+		allow init_t $1:unix_stream_socket create_stream_socket_perms;
+		allow $1 init_t:unix_dgram_socket sendto;
+	')
 
 	allow init_t $1:process rlimitinh;
 
Index: refpolicy-2.20210130/policy/modules/system/fstools.te
===================================================================
--- refpolicy-2.20210130.orig/policy/modules/system/fstools.te
+++ refpolicy-2.20210130/policy/modules/system/fstools.te
@@ -151,6 +151,11 @@ init_use_script_ptys(fsadm_t)
 init_dontaudit_getattr_initctl(fsadm_t)
 init_rw_script_stream_sockets(fsadm_t)
 
+ifdef(`hide_broken_symptoms',`
+	# for /run/pm-utils/locks/pm-powersave.lock
+	init_read_utmp(fsadm_t)
+')
+
 logging_send_syslog_msg(fsadm_t)
 
 miscfiles_read_localization(fsadm_t)
Index: refpolicy-2.20210130/policy/modules/system/sysnetwork.te
===================================================================
--- refpolicy-2.20210130.orig/policy/modules/system/sysnetwork.te
+++ refpolicy-2.20210130/policy/modules/system/sysnetwork.te
@@ -345,6 +345,11 @@ files_dontaudit_read_root_files(ifconfig
 init_use_fds(ifconfig_t)
 init_use_script_ptys(ifconfig_t)
 
+ifdef(`hide_broken_symptoms',`
+	# for /run/pm-utils/locks/pm-powersave.lock
+	init_read_utmp(ifconfig_t)
+')
+
 logging_send_syslog_msg(ifconfig_t)
 
 miscfiles_read_localization(ifconfig_t)
Index: refpolicy-2.20210130/config/appconfig-mcs/default_contexts
===================================================================
--- refpolicy-2.20210130.orig/config/appconfig-mcs/default_contexts
+++ refpolicy-2.20210130/config/appconfig-mcs/default_contexts
@@ -2,7 +2,7 @@ system_r:crond_t:s0		user_r:user_t:s0 st
 system_r:init_t:s0		user_r:user_systemd_t:s0 staff_r:staff_systemd_t:s0 sysadm_r:sysadm_systemd_t:s0 unconfined_r:unconfined_t:s0
 system_r:local_login_t:s0	user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0 unconfined_r:unconfined_t:s0
 system_r:remote_login_t:s0	user_r:user_t:s0 staff_r:staff_t:s0 unconfined_r:unconfined_t:s0
-system_r:sshd_t:s0		user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0 unconfined_r:unconfined_t:s0
+system_r:sshd_t:s0		user_r:user_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 unconfined_r:unconfined_t:s0
 system_r:sulogin_t:s0		sysadm_r:sysadm_t:s0
 system_r:xdm_t:s0		user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0 unconfined_r:unconfined_t:s0
 
Index: refpolicy-2.20210130/Makefile
===================================================================
--- refpolicy-2.20210130.orig/Makefile
+++ refpolicy-2.20210130/Makefile
@@ -240,6 +240,7 @@ M4PARAM += -D mls_num_sens=$(MLS_SENS) -
 # differently on different distros
 ifeq ($(DISTRO),debian)
 	CTAGS := ctags-exuberant
+	M4PARAM += -D use_alsa
 endif
 
 ifeq ($(DISTRO),gentoo)
