From 6969128d1116253404efdb2929b4c9fe23055f5f Mon Sep 17 00:00:00 2001
From: Pierre-Yves Chibon <pingou@pingoured.fr>
Date: Feb 02 2021 15:48:06 +0000
Subject: pagure: give selinux a little more permissions


Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>

---

diff --git a/roles/pagure/files/selinux/pagure.te b/roles/pagure/files/selinux/pagure.te
index 2943a90..b969c39 100644
--- a/roles/pagure/files/selinux/pagure.te
+++ b/roles/pagure/files/selinux/pagure.te
@@ -1,4 +1,4 @@
-module pagure 1.2;
+module pagure 1.3;
 
 require {
     type gitosis_var_lib_t;
@@ -35,6 +35,7 @@ allow httpd_t var_log_t:file { open rename unlink };
 #!!!! This avc can be allowed using the boolean 'domain_can_mmap_files'
 allow httpd_t var_t:file map;
 allow httpd_t var_t:file { getattr open read ioctl };
+allow httpd_t var_t:file { lock unlink write };
 
 #============= postfix_cleanup_t ==============
 allow postfix_cleanup_t var_run_t:sock_file write;