Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1018306

Summary:	selinux policy causes pulse daemon not working properly
Product:	Red Hat Enterprise Linux 6	Reporter:	Jan Tluka <jtluka>
Component:	selinux-policy	Assignee:	Miroslav Grepl <mgrepl>
Status:	CLOSED ERRATA	QA Contact:	BaseOS QE Security Team <qe-baseos-security>
Severity:	urgent	Docs Contact:
Priority:	urgent
Version:	6.5	CC:	dwalsh, eparis, jtluka, mgrepl, mmalik, tlavigne
Target Milestone:	rc
Target Release:	---
Hardware:	Unspecified
OS:	Linux
Whiteboard:
Fixed In Version:	selinux-policy-3.7.19-225.el6	Doc Type:	Bug Fix
Doc Text:		Story Points:	---
Clone Of:		Environment:
Last Closed:	2013-11-21 10:53:08 UTC	Type:	Bug
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:

Description Jan Tluka 2013-10-11 16:12:17 UTC

Description of problem:

I installed recent rhel6.5 distro RHEL6.5-20131009.0 and configured LVS as described in https://bugzilla.redhat.com/show_bug.cgi?id=854454#c5

When I started pulse daemon it failed to initialize due to SELinux denials. The daemon started successfully when I set permissive mode of SELinux. I guess the policy should be updated to have daemon working properly.

I've set the bug severity to urgent since this is probably a regression and should be fixed before 6.5 gets released.

Version-Release number of selected component (if applicable):

[root@localhost ~]# rpm -qa selinux-policy
selinux-policy-3.7.19-222.el6.noarch
[root@localhost ~]# rpm -qa selinux-policy-targeted
selinux-policy-targeted-3.7.19-222.el6.noarch

How reproducible:
100%

Steps to Reproduce:
1. setup lvs primary router in nat mode (I think the mode does not matter)
2. /sbin/service pulse start
3. observe denials in /var/log/audit/audit.log

Actual results:
avc denials and pulse cannot properly start

type=AVC msg=audit(1381506961.843:274): avc:  denied  { search } for  pid=9283 comm="pulse" name="/" dev=tmpfs ino=5430 scontext=unconfined_u:system_r:piranha_pulse_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=dir
type=SYSCALL msg=audit(1381506961.843:274): arch=c000003e syscall=2 success=no exit=-13 a0=7ffff8916190 a1=20002 a2=0 a3=7ffff8915f10 items=0 ppid=1 pid=9283 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=10 comm="pulse" exe="/usr/sbin/pulse" subj=unconfined_u:system_r:piranha_pulse_t:s0 key=(null)
type=AVC msg=audit(1381506961.843:275): avc:  denied  { search } for  pid=9283 comm="pulse" name="/" dev=tmpfs ino=5430 scontext=unconfined_u:system_r:piranha_pulse_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=dir
type=SYSCALL msg=audit(1381506961.843:275): arch=c000003e syscall=87 success=no exit=-13 a0=7ffff8916230 a1=40dce0 a2=0 a3=7ffff8915fb0 items=0 ppid=1 pid=9283 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=10 comm="pulse" exe="/usr/sbin/pulse" subj=unconfined_u:system_r:piranha_pulse_t:s0 key=(null)

Expected results:
pulse daemon starts succesfully

Additional info:

Comment 2 Miroslav Grepl 2013-10-14 09:17:37 UTC

This is a new issue from SELinux point of view in RHEL6.5.

We allow it in Fedora.

If you add a local policy, does it work then?

Comment 3 Jan Tluka 2013-10-15 13:41:52 UTC

Hi, so I tried to add a local policy that turned into a lot of rules required. Here are the policy modules I used that made pulse daemon started succesfully:

module selinux_pulse_bug-10 1.0;

require {
	type piranha_pulse_t;
	type piranha_lvs_t;
	class process sigkill;
}

#============= piranha_pulse_t ==============
allow piranha_pulse_t piranha_lvs_t:process sigkill;

module selinux_pulse_bug-11 1.0;

require {
	type tmpfs_t;
	type piranha_lvs_t;
	class filesystem getattr;
}

#============= piranha_lvs_t ==============
allow piranha_lvs_t tmpfs_t:filesystem getattr;

module selinux_pulse_bug-12 1.0;

require {
	type tmpfs_t;
	type piranha_lvs_t;
	class dir search;
}

#============= piranha_lvs_t ==============
allow piranha_lvs_t tmpfs_t:dir search;

module selinux_pulse_bug-13 1.0;

require {
	type tmpfs_t;
	type piranha_lvs_t;
	class file { read write };
}

#============= piranha_lvs_t ==============
allow piranha_lvs_t tmpfs_t:file { read write };

module selinux_pulse_bug-14 1.0;

require {
	type tmpfs_t;
	type piranha_lvs_t;
	class file open;
	class dir write;
}

#============= piranha_lvs_t ==============
#!!!! The source type 'piranha_lvs_t' can write to a 'dir' of the following types:
# piranha_lvs_var_run_t, var_run_t, root_t

allow piranha_lvs_t tmpfs_t:dir write;
allow piranha_lvs_t tmpfs_t:file open;

module selinux_pulse_bug-15 1.0;

require {
	type tmpfs_t;
	type piranha_lvs_t;
	class file getattr;
	class dir remove_name;
}

#============= piranha_lvs_t ==============
allow piranha_lvs_t tmpfs_t:dir remove_name;
allow piranha_lvs_t tmpfs_t:file getattr;

module selinux_pulse_bug-16 1.0;

require {
	type tmpfs_t;
	type piranha_lvs_t;
	class file unlink;
}

#============= piranha_lvs_t ==============
allow piranha_lvs_t tmpfs_t:file unlink;

module selinux_pulse_bug-2 1.0;

require {
	type tmpfs_t;
	type piranha_pulse_t;
	class dir write;
}

#============= piranha_pulse_t ==============
#!!!! The source type 'piranha_pulse_t' can write to a 'dir' of the following types:
# samba_var_t, piranha_pulse_var_run_t, var_run_t, root_t

allow piranha_pulse_t tmpfs_t:dir write;

module selinux_pulse_bug-3 1.0;

require {
	type tmpfs_t;
	type piranha_pulse_t;
	class dir add_name;
}

#============= piranha_pulse_t ==============
allow piranha_pulse_t tmpfs_t:dir add_name;

module selinux_pulse_bug-4 1.0;

require {
	type tmpfs_t;
	type piranha_pulse_t;
	class file create;
}

#============= piranha_pulse_t ==============
allow piranha_pulse_t tmpfs_t:file create;

module selinux_pulse_bug-5 1.0;

require {
	type tmpfs_t;
	type piranha_pulse_t;
	class file { read write open };
}

#============= piranha_pulse_t ==============
#!!!! The source type 'piranha_pulse_t' can write to a 'file' of the following types:
# samba_etc_t, samba_var_t, sysctl_rpc_t, piranha_pulse_var_run_t, root_t

allow piranha_pulse_t tmpfs_t:file { read write open };

module selinux_pulse_bug-6 1.0;

require {
	type tmpfs_t;
	type piranha_pulse_t;
	class dir remove_name;
}

#============= piranha_pulse_t ==============
allow piranha_pulse_t tmpfs_t:dir remove_name;

module selinux_pulse_bug-7 1.0;

require {
	type tmpfs_t;
	type piranha_pulse_t;
	class file unlink;
}

#============= piranha_pulse_t ==============
allow piranha_pulse_t tmpfs_t:file unlink;

module selinux_pulse_bug-8 1.0;

require {
	type tmpfs_t;
	type piranha_pulse_t;
	class file link;
}

#============= piranha_pulse_t ==============
allow piranha_pulse_t tmpfs_t:file link;

module selinux_pulse_bug-9 1.0;

require {
	type tmpfs_t;
	type piranha_pulse_t;
	class file getattr;
}

#============= piranha_pulse_t ==============
allow piranha_pulse_t tmpfs_t:file getattr;

module selinux_pulse_bug 1.0;

require {
	type tmpfs_t;
	type piranha_pulse_t;
	class dir search;
}

#============= piranha_pulse_t ==============
allow piranha_pulse_t tmpfs_t:dir search;

Comment 4 Miroslav Grepl 2013-10-15 13:54:56 UTC

Ok, now it is more complicated. Any idea who creates this tmpfs_t? Could you pls attach AVC msgs and also

# ps -eZ |grep initrc

Comment 5 Miroslav Grepl 2013-10-15 13:59:49 UTC

Actually I see it now. Could you test the following local policy


# cat mypol.te
require{
 attribute piranha_domain;
}

type piranha_pulse_tmpfs_t;
files_tmpfs_file(piranha_pulse_tmpfs_t)

manage_dirs_pattern(piranha_pulse_t, piranha_pulse_tmpfs_t, piranha_pulse_tmpfs_t)
manage_files_pattern(piranha_pulse_t, piranha_pulse_tmpfs_t, piranha_pulse_tmpfs_t)
fs_tmpfs_filetrans(piranha_pulse_t, piranha_pulse_tmpfs_t, { dir file })

manage_files_pattern(piranha_domain, piranha_pulse_tmpfs_t,piranha_pulse_tmpfs_t)
manage_dirs_pattern(piranha_domain, piranha_pulse_tmpfs_t,piranha_pulse_tmpfs_t)


and 

# make -f /usr/share/selinux/devel/Makefile mypol.pp
# semodule -i mypol.pp

and also remove your local policies.

Comment 6 Jan Tluka 2013-10-15 15:00:35 UTC

(In reply to Miroslav Grepl from comment #5)
> Actually I see it now. Could you test the following local policy
> 
> 
> # cat mypol.te
> require{
>  attribute piranha_domain;
> }
> 
> type piranha_pulse_tmpfs_t;
> files_tmpfs_file(piranha_pulse_tmpfs_t)
> 
> manage_dirs_pattern(piranha_pulse_t, piranha_pulse_tmpfs_t,
> piranha_pulse_tmpfs_t)
> manage_files_pattern(piranha_pulse_t, piranha_pulse_tmpfs_t,
> piranha_pulse_tmpfs_t)
> fs_tmpfs_filetrans(piranha_pulse_t, piranha_pulse_tmpfs_t, { dir file })
> 
> manage_files_pattern(piranha_domain,
> piranha_pulse_tmpfs_t,piranha_pulse_tmpfs_t)
> manage_dirs_pattern(piranha_domain,
> piranha_pulse_tmpfs_t,piranha_pulse_tmpfs_t)
> 
> 
> and 
> 
> # make -f /usr/share/selinux/devel/Makefile mypol.pp
> # semodule -i mypol.pp
> 
> and also remove your local policies.

Moved a bit but still I got some denials. I had to slightly modify the policy file you've provided:

# cat mypol.te 
policy_module(local, 0.0.1) <====

require {
 attribute piranha_domain;
 type piranha_pulse_t;      <====
}

type piranha_pulse_tmpfs_t;
files_tmpfs_file(piranha_pulse_tmpfs_t)

manage_dirs_pattern(piranha_pulse_t, piranha_pulse_tmpfs_t, piranha_pulse_tmpfs_t)
manage_files_pattern(piranha_pulse_t, piranha_pulse_tmpfs_t, piranha_pulse_tmpfs_t)
fs_tmpfs_filetrans(piranha_pulse_t, piranha_pulse_tmpfs_t, { dir file })

manage_files_pattern(piranha_domain, piranha_pulse_tmpfs_t,piranha_pulse_tmpfs_t)
manage_dirs_pattern(piranha_domain, piranha_pulse_tmpfs_t,piranha_pulse_tmpfs_t)


The denials I see are following:

type=SYSCALL msg=audit(1381848896.993:98): arch=c000003e syscall=1 success=yes exit=7283063 a0=4 a1=7f42b209c000 a2=6f2177 a3=7fff4a9a99e0 items=0 ppid=2668 pid=2669 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=4 comm="load_policy" exe="/sbin/load_policy" subj=unconfined_u:unconfined_r:load_policy_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1381848930.471:99): avc:  denied  { getattr } for  pid=2705 comm="lvsd" name="/" dev=tmpfs ino=5298 scontext=unconfined_u:system_r:piranha_lvs_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=filesystem
type=SYSCALL msg=audit(1381848930.471:99): arch=c000003e syscall=137 success=no exit=-13 a0=7f5cde5b7744 a1=7fff01ecd850 a2=1 a3=7fff01ecd3c0 items=0 ppid=2694 pid=2705 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4 comm="lvsd" exe="/usr/sbin/lvsd" subj=unconfined_u:system_r:piranha_lvs_t:s0 key=(null)
type=AVC msg=audit(1381848930.476:100): avc:  denied  { getattr } for  pid=2705 comm="lvsd" name="/" dev=tmpfs ino=5298 scontext=unconfined_u:system_r:piranha_lvs_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=filesystem
type=SYSCALL msg=audit(1381848930.476:100): arch=c000003e syscall=137 success=no exit=-13 a0=7fff01ecd656 a1=7fff01ecd850 a2=7f5cde14c240 a3=3 items=0 ppid=2694 pid=2705 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4 comm="lvsd" exe="/usr/sbin/lvsd" subj=unconfined_u:system_r:piranha_lvs_t:s0 key=(null)
type=AVC msg=audit(1381848930.502:101): avc:  denied  { sigkill } for  pid=2694 comm="pulse" scontext=unconfined_u:system_r:piranha_pulse_t:s0 tcontext=unconfined_u:system_r:piranha_lvs_t:s0 tclass=process
type=SYSCALL msg=audit(1381848930.502:101): arch=c000003e syscall=62 success=no exit=-13 a0=a91 a1=9 a2=0 a3=7fffc9bb0ed0 items=0 ppid=1 pid=2694 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4 comm="pulse" exe="/usr/sbin/pulse" subj=unconfined_u:system_r:piranha_pulse_t:s0 key=(null)

Comment 7 Miroslav Grepl 2013-10-15 15:14:24 UTC

Much better. And if you allow these AVC msgs, does it work then?

Comment 8 Jan Tluka 2013-10-15 15:47:36 UTC

(In reply to Miroslav Grepl from comment #7)
> Much better. And if you allow these AVC msgs, does it work then?

I think this leads to the policies described in comment #3.

Allowing the AVCs in comment #6 leads to more:

type=AVC msg=audit(10/15/2013 17:36:51.145:18) : avc:  denied  { search } for  pid=1841 comm=lvsd name=/ dev=tmpfs ino=5430 scontext=unconfined_u:system_r:piranha_lvs_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=dir 
----
type=AVC msg=audit(10/15/2013 17:36:51.144:17) : avc:  denied  { search } for  pid=1841 comm=lvsd name=/ dev=tmpfs ino=5430 scontext=unconfined_u:system_r:piranha_lvs_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=dir

Allowing these leads to following:

type=AVC msg=audit(10/15/2013 17:40:58.601:20) : avc:  denied  { write } for  pid=1894 comm=lvsd name=/ dev=tmpfs ino=5430 scontext=unconfined_u:system_r:piranha_lvs_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=dir 

Allowing this one produces:

type=AVC msg=audit(10/15/2013 17:43:10.482:22) : avc:  denied  { remove_name } for  pid=1972 comm=lvsd name=sem.lvs dev=tmpfs ino=20212 scontext=unconfined_u:system_r:piranha_lvs_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=dir

Once all of the above are allowed I see no further AVCs.

Comment 9 Miroslav Grepl 2013-10-15 16:11:55 UTC

Ok, thank you for testing.

Comment 12 Jan Tluka 2013-10-16 13:05:58 UTC

Still got some denials after upgrading to selinux-policy-3.7.19-225.el6

On pulse startup:

type=AVC msg=audit(1381925968.124:24): avc:  denied  { sigkill } for  pid=1278 comm="pulse" scontext=unconfined_u:system_r:piranha_pulse_t:s0 tcontext=unconfined_u:system_r:piranha_lvs_t:s0 tclass=process
type=SYSCALL msg=audit(1381925968.124:24): arch=c000003e syscall=62 success=no exit=-13 a0=505 a1=9 a2=0 a3=7fff46510d30 items=0 ppid=1 pid=1278 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="pulse" exe="/usr/sbin/pulse" subj=unconfined_u:system_r:piranha_pulse_t:s0 key=(null)

On getting back the mastership:

type=AVC msg=audit(1381926145.743:26): avc:  denied  { getattr } for  pid=1328 comm="lvsd" name="/" dev=tmpfs ino=5430 scontext=unconfined_u:system_r:piranha_lvs_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=filesystem
type=SYSCALL msg=audit(1381926145.743:26): arch=c000003e syscall=137 success=no exit=-13 a0=7ffff11d18c6 a1=7ffff11d1ac0 a2=7fa2cb2ef240 a3=3 items=0 ppid=1322 pid=1328 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="lvsd" exe="/usr/sbin/lvsd" subj=unconfined_u:system_r:piranha_lvs_t:s0 key=(null)

type=AVC msg=audit(1381926145.750:27): avc:  denied  { sigkill } for  pid=1322 comm="pulse" scontext=unconfined_u:system_r:piranha_pulse_t:s0 tcontext=unconfined_u:system_r:piranha_lvs_t:s0 tclass=process
type=SYSCALL msg=audit(1381926145.750:27): arch=c000003e syscall=62 success=no exit=-13 a0=530 a1=9 a2=0 a3=7fff673fb880 items=0 ppid=1 pid=1322 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="pulse" exe="/usr/sbin/pulse" subj=unconfined_u:system_r:piranha_pulse_t:s0 key=(null)

type=AVC msg=audit(1381926403.009:29): avc:  denied  { search } for  pid=1376 comm="lvsd" name="/" dev=tmpfs ino=5430 scontext=unconfined_u:system_r:piranha_lvs_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=dir
type=SYSCALL msg=audit(1381926403.009:29): arch=c000003e syscall=2 success=no exit=-13 a0=7fff2e66fb10 a1=20002 a2=0 a3=7fff2e66f890 items=0 ppid=1370 pid=1376 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="lvsd" exe="/usr/sbin/lvsd" subj=unconfined_u:system_r:piranha_lvs_t:s0 key=(null)

type=AVC msg=audit(1381927188.129:37): avc:  denied  { write } for  pid=1508 comm="lvsd" name="/" dev=tmpfs ino=5430 scontext=unconfined_u:system_r:piranha_lvs_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=dir
type=SYSCALL msg=audit(1381927188.129:37): arch=c000003e syscall=87 success=no exit=-13 a0=7fff0eb10bd0 a1=40b032 a2=0 a3=7fff0eb10950 items=0 ppid=1502 pid=1508 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="lvsd" exe="/usr/sbin/lvsd" subj=unconfined_u:system_r:piranha_lvs_t:s0 key=(null)

type=AVC msg=audit(1381927765.733:41): avc:  denied  { remove_name } for  pid=1936 comm="lvsd" name="sem.lvs" dev=tmpfs ino=26354 scontext=unconfined_u:system_r:piranha_lvs_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=dir
type=SYSCALL msg=audit(1381927765.733:41): arch=c000003e syscall=87 success=no exit=-13 a0=7fff955504e0 a1=40b032 a2=0 a3=7fff95550260 items=0 ppid=1930 pid=1936 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="lvsd" exe="/usr/sbin/lvsd" subj=unconfined_u:system_r:piranha_lvs_t:s0 key=(null)


So the overall policy I came to is:

# cat mypol.te

module mypol 1.0;

require {
	type tmpfs_t;
	type piranha_lvs_t;
	type piranha_pulse_t;
	class process sigkill;
	class dir { write remove_name search };
	class filesystem getattr;
}

#============= piranha_lvs_t ==============
#!!!! The source type 'piranha_lvs_t' can write to a 'dir' of the following types:
# piranha_lvs_var_run_t, piranha_pulse_tmpfs_t, var_run_t, root_t

allow piranha_lvs_t tmpfs_t:dir { write remove_name search };
allow piranha_lvs_t tmpfs_t:filesystem getattr;

#============= piranha_pulse_t ==============
allow piranha_pulse_t piranha_lvs_t:process sigkill;

Comment 13 Miroslav Grepl 2013-10-16 13:19:19 UTC

I see

#============= piranha_lvs_t ==============

#!!!! This avc is allowed in the current policy
allow piranha_lvs_t tmpfs_t:dir { write remove_name search };

#!!!! This avc is allowed in the current policy
allow piranha_lvs_t tmpfs_t:filesystem getattr;

#============= piranha_pulse_t ==============

#!!!! This avc is allowed in the current policy
allow piranha_pulse_t piranha_lvs_t:process sigkill;

# rpm -qa selinux-policy-*
selinux-policy-minimum-3.7.19-225.el6.noarch
selinux-policy-mls-3.7.19-225.el6.noarch
selinux-policy-doc-3.7.19-218.el6.noarch
selinux-policy-targeted-3.7.19-225.el6.noarch

Comment 14 Jan Tluka 2013-10-16 13:35:41 UTC

I'm sorry for the confusion I made. My update of selinux-policy was not completely successful and conflicted with the previous one. After the correction the updated package solved the pulse daemon startup.

Tested on:
# rpm -qa selinux-\*
selinux-policy-3.7.19-225.el6.noarch
selinux-policy-targeted-3.7.19-225.el6.noarch

Setting to verified and removing FailedQA flag.

Comment 15 errata-xmlrpc 2013-11-21 10:53:08 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2013-1598.html