diff --git a/roles/distgit/files/pagure.pp b/roles/distgit/files/pagure.pp
new file mode 100644
index 0000000000..200eb4cede
Binary files /dev/null and b/roles/distgit/files/pagure.pp differ
diff --git a/roles/distgit/files/pagure.te b/roles/distgit/files/pagure.te
new file mode 100644
index 0000000000..1a81ad8756
--- /dev/null
+++ b/roles/distgit/files/pagure.te
@@ -0,0 +1,30 @@
+module pagure 1.0.5;
+
+require {
+type httpd_t;
+type sysctl_net_t;
+type gitosis_var_lib_t;
+type httpd_git_script_t;
+type git_script_tmp_t;
+type git_user_content_t;
+class dir { search getattr open read add_name remove_name write create rename};
+class file { append open ioctl lock rename append getattr read create link setattr unlink write };
+class lnk_file { read open getattr create unlink};
+}
+
+allow httpd_git_script_t git_script_tmp_t:file manage_file_perms;
+
+allow httpd_t git_user_content_t:dir { search getattr open read };
+allow httpd_t git_user_content_t:file { read open getattr };
+allow httpd_t git_user_content_t:lnk_file { read open getattr };
+
+optional_policy(`
+gen_require(` class file map; ')
+allow httpd_t git_user_content_t:file map;
+')
+
+allow httpd_t gitosis_var_lib_t:dir { add_name remove_name write create rename};
+allow httpd_t gitosis_var_lib_t:file { create link setattr unlink write rename append};
+allow httpd_t gitosis_var_lib_t:lnk_file { create unlink };
+
+allow httpd_t sysctl_net_t:file { open read };
diff --git a/roles/distgit/pagure/tasks/main.yml b/roles/distgit/pagure/tasks/main.yml
index 66b19a8237..c6f29fcb4f 100644
--- a/roles/distgit/pagure/tasks/main.yml
+++ b/roles/distgit/pagure/tasks/main.yml
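Review bot: The three `allow httpd_t gitosis_var_lib_t:...` rules at the end of the hunk give the whole httpd_t domain create/write/rename/unlink rights over everything labeled gitosis_var_lib_t, so any code running as the web server, not only pagure, can rewrite dist-git repositories on disk. If pagure only needs to write under a specific tree, declare a pagure-specific type in this module and label that path rather than widening httpd_t against the shared git type; the `link` permission in the file rule also lets httpd_t hardlink repository files, which nothing visible here requires. The module carries no comment tying each rule to the AVC denial it answers, which is what the next reviewer of `semodule -i` output will need; something like `# httpd_t write/rename/unlink on gitosis_var_lib_t: pagure (under httpd) creates pack/ref files; scope to a dedicated type before production` above the gitosis_var_lib_t rules would do. The `1.0.5` version on a file that is new in this commit suggests the policy was iterated out of band, so noting its origin in that header would help too.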
@@ -229,6 +229,16 @@
 - web
 - pagure
 
+- name: set sebooleans so pagure can talk to libgit2
+ seboolean: name=httpd_execmem
+ state=true
+ persistent=true
+ tags:
+ - selinux
+ - web
+ - pagure
+ when: env == "staging"
+
 # HOTFIX: adjust bugzilla overrides
 - name: HOTFIX - adjust bugzilla overrides
 copy: src=fas2.py dest=/usr/lib/python2.7/site-packages/fedora/client/fas2.py
diff --git a/roles/distgit/tasks/main.yml b/roles/distgit/tasks/main.yml
index 49e682521d..9092db03c0 100644
--- a/roles/distgit/tasks/main.yml
+++ b/roles/distgit/tasks/main.yml
@@ -468,6 +468,18 @@
 file: dest=/usr/local/share/selinux/ state=directory
 tags: selinux
 
+- name: copy over our custom selinux policy for pagure
+ copy: src=pagure.pp dest=/usr/local/share/selinux/pagure.pp
+ register: selinux_module
+ tags: selinux
+ when: env == "staging"
+
+- name: install our custom selinux policy for pagure
+ command: semodule -i /usr/local/share/selinux/pagure.pp
+ when: selinux_module is changed
+ tags: selinux
+ when: env == "staging"
+
 - name: copy over our custom selinux policy
 copy: src=upload_cgi.pp dest=/usr/local/share/selinux/upload_cgi.pp
 register: selinux_module
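Review bot: Setting `httpd_execmem` persistently removes the no-executable-anonymous-memory restriction for the entire httpd_t domain, so every web application confined as httpd_t on this host loses that exploit mitigation, not just pagure; the task name says it is needed to "talk to libgit2" but records neither the AVC denial nor which library actually demands executable memory. Please add a comment with the exact denial and a pointer to the upstream bug, e.g. `# TODO: record the execmem AVC raised via libgit2/pygit2; drop once the library is fixed or pagure workers run outside httpd_t`. Gating it on `env == "staging"` is the right call; if this is a staging experiment, consider whether `persistent=true` should stay.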
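Review bot: The `install our custom selinux policy for pagure` task has two `when:` keys; Ansible's YAML loader keeps only the last one, so `selinux_module is changed` is silently dropped and `semodule -i` re-runs on every staging play instead of only when the .pp changed. Merge them into a single list: `when:` / `  - selinux_module is changed` / `  - env == "staging"`. Separately, pagure.pp is a prebuilt binary checked in next to pagure.te with nothing tying the two together; building the module on the host from the .te with checkmodule/semodule_package, or at least recording the build command in a comment on the copy task, would make it reviewable that the installed policy matches the source in this commit.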