diff --git a/roles/pagure/files/selinux/pagure.te b/roles/pagure/files/selinux/pagure.te
index 020e9e6bfc..1a98e26887 100644
--- a/roles/pagure/files/selinux/pagure.te
+++ b/roles/pagure/files/selinux/pagure.te
@@ -1,4 +1,4 @@
-module pagure 1.1;
+module pagure 1.2;
 require {
 	type gitosis_var_lib_t;
@@ -13,14 +13,14 @@ require {
 	type var_run_t;
 	type var_t;
 	class dir { add_name remove_name write };
-	class file { create link setattr write execute execute_no_trans getattr map open read rename unlink };
+	class file { create link setattr write execute execute_no_trans getattr map open read rename unlink ioctrl };
 	class process execmem;
 	class sock_file write;
 	class tcp_socket name_connect;
 }
 allow httpd_t gitosis_var_lib_t:dir { add_name remove_name write };
-allow httpd_t gitosis_var_lib_t:file { create link setattr unlink write };
+allow httpd_t gitosis_var_lib_t:file { create link setattr unlink write rename };
 #============= httpd_t ==============
@@ -30,11 +30,11 @@ allow httpd_t httpd_log_t:file { rename unlink };
 #!!!! This avc is allowed in the current policy
 allow httpd_t self:process execmem;
-allow httpd_t var_log_t:file { open rename };
+allow httpd_t var_log_t:file { open rename unlink };
 #!!!! This avc can be allowed using the boolean 'domain_can_mmap_files'
 allow httpd_t var_t:file map;
-allow httpd_t var_t:file { getattr open read };
+allow httpd_t var_t:file { getattr open read ioctl };
 #============= postfix_cleanup_t ==============
 allow postfix_cleanup_t var_run_t:sock_file write;
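Review bot: The permission added to the `class file { ... }` require block is spelled `ioctrl`, but the SELinux file-class permission is `ioctl`, which is also the spelling the new `allow httpd_t var_t:file { getattr open read ioctl };` line in the third hunk uses. As written the module will most likely fail to compile (the require block names a permission that does not exist for the class), and even if it did, the later `ioctl` allow would reference a permission the module never required. The line should read `class file { create link setattr write execute execute_no_trans getattr map open read rename unlink ioctl };`. Bumping the module version in the first hunk does not help until this compiles; a `checkmodule`/`semodule` run in the role's CI would catch this class of typo before deployment.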
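Review bot: Adding `unlink` to `allow httpd_t var_log_t:file { open rename unlink };` grants httpd deletion rights on every file carrying the generic `var_log_t` label, not just pagure's own logs; the hunk's own context shows `allow httpd_t httpd_log_t:file { rename unlink };` already covers correctly labeled web logs, which suggests the file that triggered the denial is mislabeled rather than the policy being too tight. The same applies to widening the generic `var_t` rule with `ioctl`. Consider fixing the file context (an `fcontext` entry for pagure's log and data paths so they get `httpd_log_t`/an httpd-specific type) instead of broadening rules on generic types, and add a comment above each widened rule naming the path and AVC that motivated it so the next maintainer can tell whether it is still needed.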