Without /run, most init scripts use /var/run/<service> as their var_run_t location (like sshd_var_run_t). This location is often created by a package and, by just setting the right context, the package manager makes this location correctly labeled from the start.
With /run, however, these directories are (re)created over and over again at every boot (since /run is a tmpfs). The directories are often created by init scripts, which run in initrc_t but are otherwise not SELinux-aware. As a result, all created directories in /run inherit the initrc_var_run_t label.
Although one fix could be to update all init scripts to run "restorecon" afterwards, this might be fixed by the policy as well (using named file transitions).
Necessary named file transitions will be supported in r11.
In hardened-dev overlay, rev 11
In main tree, ~arch'ed
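To see which /run directories are affected and what a named file transition for each would look like, the following sketch reads `ls -Zd` output, picks out entries still typed initrc_var_run_t, and drafts one rule per entry. It is an added example, not part of the original report or of the policy itself. The sample listing is constructed, the function names are hypothetical, and the `<name>_var_run_t` target type is only the naming pattern from the sshd_var_run_t case above, so each type must be checked against the loaded policy.

```shell
#!/bin/sh
# Constructed sample of `ls -Zd /run/*` output (not taken from a real host).
SAMPLE_LS='system_u:object_r:initrc_var_run_t:s0 /run/sshd
system_u:object_r:var_run_t:s0 /run/lock
system_u:object_r:initrc_var_run_t:s0 /run/dbus
system_u:object_r:udev_var_run_t:s0 /run/udev'

# Read `ls -Zd` lines on stdin and print the basename of every entry whose
# SELinux type is initrc_var_run_t, i.e. created by an init script running
# in initrc_t and never relabeled. Paths containing spaces are not handled.
mislabeled_run_entries() {
    awk '{
        for (i = 1; i < NF; i++) {
            n = split($i, ctx, ":")
            # A context is user:role:type[:level]; the third part is the type.
            if (n >= 3 && ctx[3] == "initrc_var_run_t") {
                m = split($NF, parts, "/")
                print parts[m]
                break
            }
        }
    }'
}

# Turn each finding into a draft named file transition for directories.
# Assumption: the target type follows the <service>_var_run_t pattern.
draft_transitions() {
    mislabeled_run_entries | while read -r name; do
        # Type identifiers cannot contain '-' or '.', so map them to '_'.
        type=$(printf '%s' "$name" | tr -c 'A-Za-z0-9_' '_')
        printf 'type_transition initrc_t var_run_t:dir %s_var_run_t "%s";\n' \
            "$type" "$name"
    done
}

# On an SELinux host, feed it directories only:
#   find /run -maxdepth 1 -type d -exec ls -Zd {} + | draft_transitions
printf '%s\n' "$SAMPLE_LS" | draft_transitions
```

The quoted last argument is the file name that triggers the transition, which is what lets one source domain (initrc_t) create differently labeled directories under the same parent.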