From d502bbd19d815d96e6ceb664f9b23d30369be52f Mon Sep 17 00:00:00 2001
From: Jakub Kadlčík
Date: Feb 04 2019 08:02:47 +0000
Subject: [selinux] add more rules for keygen (follow-up to 4f689743) The a396a3f8 fixed some AVCs, but many others appeared later. I am not exactly sure what I am doing here, I just solved the issues that appeard, the same way that it was done in the a396a3f8. It was necessary to do, otherwise copr-keygen failed to create gpg keys for new project.
---
diff --git a/selinux/copr.te b/selinux/copr.te
index 52b048c..830eda9 100644
--- a/selinux/copr.te
+++ b/selinux/copr.te
@@ -12,8 +12,11 @@ require {
 type httpd_t;
 type git_script_t;
 type git_user_content_t;
+ type gpg_web_t;
 type syslogd_t;
 type auditd_log_t;
+ type httpd_var_lib_t;
+ type user_tmp_t;
 class dir { write getattr read remove_name open add_name create rmdir};
 class file { rename write getattr read create open lock unlink};
 }
@@ -45,3 +48,7 @@ allow syslogd_t auditd_log_t:file { read getattr open ioctl };
 #keygen
 allow httpd_t httpd_var_lib_t:sock_file { create getattr setattr unlink write };
+allow gpg_web_t httpd_var_lib_t:dir { search getattr read write add_name remove_name };
+allow gpg_web_t httpd_var_lib_t:file { getattr read open write create unlink rename link };
+allow gpg_web_t httpd_var_lib_t:sock_file { getattr write create };
+allow gpg_web_t user_tmp_t:dir { search };
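Review bot: The three added `allow gpg_web_t httpd_var_lib_t:...` rules under `#keygen` let the GnuPG web domain create, write, unlink, rename and link every object labelled `httpd_var_lib_t`, a generic httpd state label that is not limited to the keygen key store. Since the commit message says the rules were derived from the denials that appeared, the grant is likely wider than copr-keygen needs. A narrower policy would give the keygen GnuPG home its own file type through a file-context entry and point these rules at that type. Until then, a comment such as `# TODO: scope to a dedicated type for the keygen GnuPG home; httpd_var_lib_t is shared with other httpd state` would record the debt. The last rule, `allow gpg_web_t user_tmp_t:dir { search };`, suggests gpg is resolving a path under a user-labelled temporary directory, so check which path raised that AVC, because fixing the label or the configured directory may remove the need for the rule.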