diff --git a/policy/modules/services/cmirrord.fc b/policy/modules/services/cmirrord.fc
new file mode 100644
index 000000000..049e2b611
--- /dev/null
+++ b/policy/modules/services/cmirrord.fc
@@ -0,0 +1,5 @@
+/etc/rc\.d/init\.d/cmirrord	--	gen_context(system_u:object_r:cmirrord_initrc_exec_t,s0)
+
+/usr/sbin/cmirrord		--	gen_context(system_u:object_r:cmirrord_exec_t,s0)
+
+/var/run/cmirrord\.pid		--	gen_context(system_u:object_r:cmirrord_var_run_t,s0)
diff --git a/policy/modules/services/cmirrord.if b/policy/modules/services/cmirrord.if
new file mode 100644
index 000000000..f8463c0f7
--- /dev/null
+++ b/policy/modules/services/cmirrord.if
@@ -0,0 +1,113 @@
+## <summary>Cluster mirror log daemon</summary>
+
+########################################
+## <summary>
+##	Execute a domain transition to run cmirrord.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+interface(`cmirrord_domtrans',`
+	gen_require(`
+		type cmirrord_t, cmirrord_exec_t;
+	')
+
+	domtrans_pattern($1, cmirrord_exec_t, cmirrord_t)
+')
+
+########################################
+## <summary>
+##	Execute cmirrord server in the cmirrord domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+interface(`cmirrord_initrc_domtrans',`
+	gen_require(`
+		type cmirrord_initrc_exec_t;
+	')
+
+	init_labeled_script_domtrans($1, cmirrord_initrc_exec_t)
+')
+
+########################################
+## <summary>
+##	Read cmirrord PID files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`cmirrord_read_pid_files',`
+	gen_require(`
+		type cmirrord_var_run_t;
+	')
+
+	files_search_pids($1)
+	allow $1 cmirrord_var_run_t:file read_file_perms;
+')
+
+#######################################
+## <summary>
+##	Read and write to cmirrord shared memory.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`cmirrord_rw_shm',`
+	gen_require(`
+		type cmirrord_t, cmirrord_tmpfs_t;
+	')
+
+	allow $1 cmirrord_t:shm rw_shm_perms;
+
+	allow $1 cmirrord_tmpfs_t:dir list_dir_perms;
+	rw_files_pattern($1, cmirrord_tmpfs_t, cmirrord_tmpfs_t)
+	read_lnk_files_pattern($1, cmirrord_tmpfs_t, cmirrord_tmpfs_t)
+	fs_search_tmpfs($1)
+')
+
+########################################
+## <summary>
+##	All of the rules required to administrate
+##	an cmirrord environment
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+interface(`cmirrord_admin',`
+	gen_require(`
+		type cmirrord_t, cmirrord_initrc_exec_t, cmirrord_var_run_t;
+	')
+
+	allow $1 cmirrord_t:process { ptrace signal_perms };
+	ps_process_pattern($1, cmirrord_t)
+
+	cmirrord_initrc_domtrans($1)
+	domain_system_change_exemption($1)
+	role_transition $2 cmirrord_initrc_exec_t system_r;
+	allow $2 system_r;
+
+	files_list_pids($1)
+	admin_pattern($1, cmirrord_var_run_t)
+')
diff --git a/policy/modules/services/cmirrord.te b/policy/modules/services/cmirrord.te
new file mode 100644
index 000000000..28fdd8ad9
--- /dev/null
+++ b/policy/modules/services/cmirrord.te
@@ -0,0 +1,58 @@
+policy_module(cmirrord, 1.0.0)
+
+########################################
+#
+# Declarations
+#
+
+type cmirrord_t;
+type cmirrord_exec_t;
+init_daemon_domain(cmirrord_t, cmirrord_exec_t)
+
+type cmirrord_initrc_exec_t;
+init_script_file(cmirrord_initrc_exec_t)
+
+type cmirrord_tmpfs_t;
+files_tmpfs_file(cmirrord_tmpfs_t)
+
+type cmirrord_var_run_t;
+files_pid_file(cmirrord_var_run_t)
+
+########################################
+#
+# cmirrord local policy
+#
+
+allow cmirrord_t self:capability { net_admin kill };
+dontaudit cmirrord_t self:capability sys_tty_config;
+allow cmirrord_t self:process { setfscreate signal};
+allow cmirrord_t self:fifo_file rw_fifo_file_perms;
+allow cmirrord_t self:sem create_sem_perms;
+allow cmirrord_t self:shm create_shm_perms;
+allow cmirrord_t self:netlink_socket create_socket_perms;
+allow cmirrord_t self:unix_stream_socket create_stream_socket_perms;
+
+manage_dirs_pattern(cmirrord_t, cmirrord_tmpfs_t, cmirrord_tmpfs_t)
+manage_files_pattern(cmirrord_t, cmirrord_tmpfs_t, cmirrord_tmpfs_t)
+fs_tmpfs_filetrans(cmirrord_t, cmirrord_tmpfs_t, { dir file })
+
+manage_dirs_pattern(cmirrord_t, cmirrord_var_run_t, cmirrord_var_run_t)
+manage_files_pattern(cmirrord_t, cmirrord_var_run_t, cmirrord_var_run_t)
+files_pid_filetrans(cmirrord_t, cmirrord_var_run_t, file)
+
+domain_use_interactive_fds(cmirrord_t)
+domain_obj_id_change_exemption(cmirrord_t)
+
+files_read_etc_files(cmirrord_t)
+
+storage_create_fixed_disk_dev(cmirrord_t)
+
+seutil_read_file_contexts(cmirrord_t)
+
+logging_send_syslog_msg(cmirrord_t)
+
+miscfiles_read_localization(cmirrord_t)
+
+optional_policy(`
+	corosync_stream_connect(cmirrord_t)
+')