diff --git a/Changelog b/Changelog
index b2b0f4b..e03ca42 100644
--- a/Changelog
+++ b/Changelog
@@ -1,3 +1,6 @@
+- Issuing commands to upstart is over a datagram socket, not the initctl
+  named pipe.  Updated init_telinit() to match.
+
 * Wed Jul 02 2008 Chris PeBenito <selinux@tresys.com> - 20080702
 - Fix httpd_enable_homedirs to actually provide the access it is supposed to
   provide.
diff --git a/policy/modules/system/init.if b/policy/modules/system/init.if
index acda111..cb8974e 100644
--- a/policy/modules/system/init.if
+++ b/policy/modules/system/init.if
@@ -469,6 +469,16 @@ interface(`init_telinit',`
 	allow $1 initctl_t:fifo_file rw_fifo_file_perms;
 
 	init_exec($1)
+
+	tunable_policy(`init_upstart',`
+		gen_require(`
+			type init_t;
+		')
+
+		# upstart uses a datagram socket instead of initctl pipe
+		allow $1 self:unix_dgram_socket create_socket_perms;
+		allow $1 init_t:unix_dgram_socket sendto;
+	')
 ')
 
 ########################################
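Review bot: With `init_upstart` enabled, callers of init_telinit() keep the unconditional `allow $1 initctl_t:fifo_file rw_fifo_file_perms;` above the new block, so they end up with both the pipe and the datagram-socket channel to init. The Changelog entry says upstart does not take commands over the initctl pipe, so if no caller still needs the pipe in that configuration, least privilege suggests moving the fifo rule into the else (third) argument of `tunable_policy(`init_upstart', ...)`. The interface's header comment, which lies outside this hunk along with the start of the body, should also mention that the caller gains `create_socket_perms` on its own `unix_dgram_socket` and `sendto` on `init_t` when the tunable is on. Domains that call this interface are widened silently when the boolean is flipped, so reviewers need that stated.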
diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te
index 81a679d..0e457dd 100644
--- a/policy/modules/system/init.te
+++ b/policy/modules/system/init.te
@@ -1,5 +1,5 @@
 
-policy_module(init, 1.11.0)
+policy_module(init, 1.11.1)
 
 gen_require(`
 	class passwd rootok;