From 3310672c58d02359c21704592e09bdaaf2ffb27a Mon Sep 17 00:00:00 2001 From: Ralph Bean Date: Mon, 21 Mar 2016 16:03:12 +0000 Subject: [PATCH] Tell selinux to allow git-daemon to follow symlinks, please. --- roles/distgit/files/cgi-nfs.pp | Bin 62147 -> 62431 bytes roles/distgit/files/cgi-nfs.te | 8 ++++---- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/distgit/files/cgi-nfs.pp b/roles/distgit/files/cgi-nfs.pp index a0df2ccccc0240612f7b653a561787efe26b587d..116536a06b5e395f0286aea148ea5d5c2e44fd63 100644 GIT binary patch delta 209 zcmX^7l==R1W}*K7H9r{{7#Nrs7#Ktt7#ITXOcb(bGIW^yu|;@eTB;Q<8v_Fa2n#VV zFtASUvz8YwElw?pPtMOPNzE&XFJT4APwump-u&5Wmjff`a_$s1agC*QB(ncQ8= QyQ$#>HzVuj*WF*z0kxPf6#xJL diff --git a/roles/distgit/files/cgi-nfs.te b/roles/distgit/files/cgi-nfs.te index 5ba0dfe4f6..3274b1fcb3 100644 --- a/roles/distgit/files/cgi-nfs.te +++ b/roles/distgit/files/cgi-nfs.te @@ -1,20 +1,20 @@ -policy_module(nfscgi, 1.0.0) +policy_module(nfscgi, 1.0.1) require { type httpd_git_script_t; type git_script_t; type git_system_t; type httpd_git_content_t; + type git_user_content_t; type nfs_t; class dir { create write search add_name remove_name getattr open }; class file { create write rename setattr read open }; } - allow git_system_t httpd_git_content_t:dir { getattr read open }; allow git_system_t httpd_git_content_t:file { read open getattr }; - - +allow git_system_t httpd_git_content_t:lnk_file { read open getattr }; +allow git_system_t git_user_content_t:lnk_file { read open getattr }; allow httpd_git_script_t nfs_t:dir { write }; allow git_system_t httpd_git_content_t:dir { search };
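Review bot: The two added `lnk_file` rules grant `open` on top of `read` and `getattr`, which is more than resolving a symlink needs. The reference policy's `read_lnk_file_perms` set is only `{ getattr read }`, so if this module is built with the refpolicy devel macros (as `policy_module(...)` suggests), `allow git_system_t httpd_git_content_t:lnk_file read_lnk_file_perms;` and the same for `git_user_content_t` would keep the grant minimal. The rules would also benefit from a comment saying which links carry each label, for example `# git-daemon resolves symlinks in exported repos; access to the link target is still decided by the target's own type`, so a later reader does not widen the target types to "fix" a denial. The `require` block gains `type git_user_content_t;` but no `class lnk_file { read getattr };` entry; that is presumably covered by the macro's implicit class requires, but listing it would keep the block self-describing. Separately, the compiled `cgi-nfs.pp` is committed as an opaque binary delta that cannot be checked against this `.te` in review, so building the `.pp` from the `.te` at deploy time would remove that gap.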