From 3108b3b1fe1eff39b1a816b00bf6dcdbe69ba14c Mon Sep 17 00:00:00 2001
From: Pierre-Yves Chibon <pingou@pingoured.fr>
Date: Thu, 4 Jun 2015 10:34:30 +0200
Subject: [PATCH] Allow git_script_t to create link on NFS

---
 roles/distgit/files/upload_cgi.te | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/roles/distgit/files/upload_cgi.te b/roles/distgit/files/upload_cgi.te
index bd87580806..ef6e3dbce3 100644
--- a/roles/distgit/files/upload_cgi.te
+++ b/roles/distgit/files/upload_cgi.te
@@ -25,3 +25,6 @@ term_getattr_all_ptys(httpd_git_script_t);
 term_getattr_all_ttys(httpd_git_script_t);
 # Do not audit attempts to get the attributes of generic pty devices.
 term_dontaudit_getattr_generic_ptys(httpd_git_script_t);
+
+# Allow upload.cgi to make link on nfs
+allow git_script_t nfs_t:file { unlink link };