Description of problem: Version-Release number of selected component (if applicable): rgmanager-3.0.12.1-12.el6.i686 selinux-policy-3.7.19-155.el6_3.2.noarch selinux-policy-doc-3.7.19-155.el6_3.2.noarch selinux-policy-minimum-3.7.19-155.el6_3.2.noarch selinux-policy-mls-3.7.19-155.el6_3.2.noarch selinux-policy-targeted-3.7.19-155.el6_3.2.noarch How reproducible: always Steps to Reproduce: # run_init service cpglockd status Authenticating root. Password: cpglockd is stopped # run_init service cpglockd start Authenticating root. Password: Starting CPG lock daemon: [ OK ] # ps -efZ | grep cpglockd system_u:system_r:initrc_t:s0 root 17245 1 0 16:42 ? 00:00:00 cpglockd unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 root 17250 2101 0 16:42 pts/0 00:00:00 grep cpglockd # Actual results: * cpglockd runs as initrc_t Expected results: * cpglockd runs in its own SELinux domain
Fixed in selinux-policy-3.7.19-160.el6.4.noarch We now use rgmanager policy for this daemon.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2013-0314.html