From 6969128d1116253404efdb2929b4c9fe23055f5f Mon Sep 17 00:00:00 2001
From: Pierre-Yves Chibon <pingou@pingoured.fr>
Date: Tue, 2 Feb 2021 16:47:57 +0100
Subject: [PATCH] pagure: give selinux a little more permissions

Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
---
 roles/pagure/files/selinux/pagure.te | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/roles/pagure/files/selinux/pagure.te b/roles/pagure/files/selinux/pagure.te
index 2943a90397..b969c39ede 100644
--- a/roles/pagure/files/selinux/pagure.te
+++ b/roles/pagure/files/selinux/pagure.te
@@ -1,4 +1,4 @@
-module pagure 1.2;
+module pagure 1.3;
 
 require {
     type gitosis_var_lib_t;
@@ -35,6 +35,7 @@ allow httpd_t var_log_t:file { open rename unlink };
 #!!!! This avc can be allowed using the boolean 'domain_can_mmap_files'
 allow httpd_t var_t:file map;
 allow httpd_t var_t:file { getattr open read ioctl };
+allow httpd_t var_t:file { lock unlink write };
 
 #============= postfix_cleanup_t ==============
 allow postfix_cleanup_t var_run_t:sock_file write;