From be1c8bcb45fcef889237fb22d51464f445b1d2ab Mon Sep 17 00:00:00 2001
From: Pierre-Yves Chibon <pingou@pingoured.fr>
Date: Tue, 10 Nov 2020 15:56:37 +0100
Subject: [PATCH] distgit: keep working on the http_policy

Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
---
 roles/distgit/files/http_policy.te | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/roles/distgit/files/http_policy.te b/roles/distgit/files/http_policy.te
index eae0190259..6dade130a2 100644
--- a/roles/distgit/files/http_policy.te
+++ b/roles/distgit/files/http_policy.te
@@ -1,4 +1,4 @@
-module http_policy 1.1;
+module http_policy 1.2;
 
 require {
 	type gitosis_var_lib_t;
@@ -25,7 +25,9 @@ allow httpd_sys_script_t shadow_t:file { getattr open read };
 #============= httpd_t ==============
 allow httpd_t git_content_t:dir { add_name remove_name write };
 allow httpd_t git_content_t:file { create rename setattr unlink write };
-allow httpd_t gitosis_var_lib_t:dir { add_name create remove_name rmdir write };
-allow httpd_t gitosis_var_lib_t:file { create link rename unlink write };
+allow httpd_t gitosis_var_lib_t:dir { create rmdir };
+allow httpd_t gitosis_var_lib_t:dir { add_name remove_name write };
+allow httpd_t gitosis_var_lib_t:file rename;
+allow httpd_t gitosis_var_lib_t:file { create link unlink write };
 allow httpd_t var_t:file { getattr open read };