- Bug
- Resolution: Done-Errata
- Normal
- rhel-9.5
- None
- selinux-policy-38.1.50-1.el9
- None
- Moderate
- 1
- rhel-security-selinux
- ssg_security
- 18
- 2
- QE ack
- False
- False
- No
- Red Hat Enterprise Linux
- SELINUX 241127 - 241218
- Pass
- Automated
- Release Note Not Required
- None
What were you trying to do that didn't work?
When the audit service is restarted with `service auditd restart` from a custom service (e.g. an automation service), the `auditctl --signal stop` command may wait forever for a response from auditd. The response never comes because auditd never received the SIGTERM in the first place.
The reason is that auditctl, running as auditctl_t, is not allowed to send signals to auditd_t:
# ausearch -i -m avc -ts recent
----
type=PROCTITLE msg=audit(11/26/2024 09:41:41.369:168901) : proctitle=/sbin/auditctl --signal stop
type=SYSCALL msg=audit(11/26/2024 09:41:41.369:168901) : arch=x86_64 syscall=pidfd_send_signal success=no exit=EACCES(Permission denied) a0=0x4 a1=0xf a2=0x0 a3=0x0 items=0 ppid=6984 pid=6987 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=auditctl exe=/usr/sbin/auditctl subj=system_u:system_r:auditctl_t:s0 key=(null)
type=AVC msg=audit(11/26/2024 09:41:41.369:168901) : avc: denied { signal } for pid=6987 comm=auditctl scontext=system_u:system_r:auditctl_t:s0 tcontext=system_u:system_r:auditd_t:s0 tclass=process permissive=0
What is the impact of this issue to you?
The customer cannot control auditd from their custom service.
Please provide the package NVR for which the bug is seen:
selinux-policy-38.1.45-3.el9_5.noarch
How reproducible is this bug?:
Always
Steps to reproduce
- Restart auditd from a transient systemd service as shown below
# systemd-run sh -c "service auditd restart"
Expected results
auditd restarts
Actual results
auditd does not receive SIGTERM and an AVC denial is logged.
Additional information
Because `systemd-run sh -c "service auditd restart"` wraps the command in a shell, the transient service runs as initrc_t, and executing auditctl from that domain transitions to auditctl_t.
The solution is to add the following CIL rule: (allow auditctl_t auditd_t (process (signal)))
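To show how the AVC record above maps onto the CIL rule the report proposes, here is an added example (my own code, not part of the bug report or the selinux-policy project). It parses `ausearch -i` style AVC denial records, pulls out the source type, target type, object class and denied permissions, merges denials that share the same triple, and renders them as CIL allow rules ready to be saved in a `.cil` file and installed with `semodule -i`. The `SAMPLE_AVC` string is taken from the record quoted in the report; the function names and the module name `local_auditctl` are assumptions of this example.

```python
"""Derive CIL allow rules from SELinux AVC denial records (added example)."""
import re
from collections import defaultdict

# The AVC record quoted in the report, trimmed to the fields this example uses.
SAMPLE_AVC = (
    "type=AVC msg=audit(11/26/2024 09:41:41.369:168901) : avc: denied "
    "{ signal } for pid=6987 comm=auditctl "
    "scontext=system_u:system_r:auditctl_t:s0 "
    "tcontext=system_u:system_r:auditd_t:s0 tclass=process permissive=0"
)

# One AVC line: denied permissions in braces, then scontext/tcontext/tclass,
# and optionally the permissive flag (1 means the denial was only logged).
AVC_RE = re.compile(
    r"avc:\s+denied\s+\{\s*(?P<perms>[^}]+?)\s*\}.*?"
    r"scontext=(?P<scontext>\S+).*?tcontext=(?P<tcontext>\S+).*?"
    r"tclass=(?P<tclass>\S+)(?:.*?permissive=(?P<permissive>[01]))?"
)


def selinux_type(context):
    """Return the type component of a user:role:type[:range] context."""
    parts = context.split(":")
    if len(parts) < 3:
        raise ValueError(f"not a SELinux context: {context!r}")
    return parts[2]


def parse_avc(line):
    """Parse one AVC denial line; return None for records that are not denials."""
    m = AVC_RE.search(line)
    if not m:
        return None
    return {
        "perms": m.group("perms").split(),
        "source": selinux_type(m.group("scontext")),
        "target": selinux_type(m.group("tcontext")),
        "tclass": m.group("tclass"),
        "permissive": m.group("permissive") == "1",
    }


def avc_to_cil(lines):
    """Collapse denials into one CIL allow rule per (source, target, class)."""
    grouped = defaultdict(set)
    for line in lines:
        rec = parse_avc(line)
        if rec is None:
            continue
        key = (rec["source"], rec["target"], rec["tclass"])
        grouped[key].update(rec["perms"])
    rules = []
    for (src, tgt, cls), perms in sorted(grouped.items()):
        rules.append(f"(allow {src} {tgt} ({cls} ({' '.join(sorted(perms))})))")
    return rules


def cil_module(rules, name="local_auditctl"):
    """Wrap rules in a CIL block so the file can be loaded with semodule -i."""
    body = "\n".join(f"    {rule}" for rule in rules)
    return f"(block {name}\n{body}\n)\n"


if __name__ == "__main__":
    # Feed real records with: ausearch -i -m avc -ts recent | python3 this.py
    import sys
    source = sys.stdin if not sys.stdin.isatty() else [SAMPLE_AVC]
    print(cil_module(avc_to_cil(source)), end="")
```

Running it on the report's record yields `(allow auditctl_t auditd_t (process (signal)))`, the exact rule the report proposes. Before installing such a local module, confirm with `sesearch -A -s auditctl_t -t auditd_t -c process -p signal` whether the shipped policy (the fixed selinux-policy build named above) already grants it, so the local module does not outlive the need for it.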
- links to: RHBA-2024:139849 selinux-policy bug fix and enhancement update