diff --git a/roles/pagure/frontend/tasks/main.yml b/roles/pagure/frontend/tasks/main.yml
index f79c4f4f9b..ddb4248e5c 100644
--- a/roles/pagure/frontend/tasks/main.yml
+++ b/roles/pagure/frontend/tasks/main.yml
@@ -285,6 +285,43 @@
 tags:
 - pagure
 
+- name: check the selinux context of the git repo directory
+ command: matchpathcon /srv/git
+ register: distgitcontext
+ check_mode: no
+ changed_when: false
+ tags:
+ - config
+ - pagure
+ - selinux
+
+- name: set the SELinux policy for the distgit root directory
+ command: semanage fcontext -a -t gitosis_var_lib_t "/srv/git(/.*)?"
+ when: distgitcontext.stdout.find('gitosis_var_lib_t') == -1
+ tags:
+ - config
+ - pagure
+ - selinux
+
+- name: check the selinux context of the releases directory
+ command: matchpathcon /var/www/releases
+ register: distgitcontext
+ check_mode: no
+ changed_when: false
+ tags:
+ - config
+ - pagure
+ - selinux
+
+# Note: On Fedora its httpd_sys_content_rw_t - Don't we love confusions?
+- name: set the SELinux policy for the releases directory
+ command: semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/releases(/.*)?"
+ when: distgitcontext.stdout.find('httpd_sys_rw_content_t') == -1
+ tags:
+ - config
+ - pagure
+ - selinux
+
 - name: copy over our custom selinux module
 copy: src=selinux/pagure.pp dest=/usr/local/share/pagure.pp
 register: selinux_module
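Review bot: The two `semanage fcontext -a` tasks only record a labelling rule in the local policy; nothing visible in this hunk relabels what already exists under /srv/git or /var/www/releases, so existing files would keep their old type until something runs restorecon. The guard has the same blind spot, because `matchpathcon` prints the context the policy expects rather than the label on disk, so after the first run the `when:` is satisfied whether or not the tree was ever relabelled. I would register each semanage task and follow it with `command: restorecon -R /srv/git` (and the same for `/var/www/releases`), conditioned on that result being changed, unless a relabel already happens elsewhere in the role. Both checks also register into `distgitcontext`; a separate name such as `releasescontext` for the second would keep a later reorder from testing the wrong output. `httpd_sys_rw_content_t` on the whole releases tree makes it writable by the web server domain, which deserves a one-line comment saying why write access is needed.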