copr-dist-git: give map permission on git_user_content_t to cgit

roles/copr/dist_git/files/git_script_t.te

@@ -0,0 +1,9 @@
+module git_script_t 1.0.1;
+
+require {
+	type git_script_t;
+	type git_user_content_t;
+	class file { map };
+}
+
+allow git_script_t git_user_content_t:file map;

roles/copr/dist_git/tasks/main.yml

@@ -95,5 +95,17 @@
   - "dist-git.socket"
   - "copr-dist-git"
 
+- name: copy over our custom selinux policy for cgit
+  copy: src=git_script_t.pp dest=/usr/local/share/selinux/git_script_t.pp
+  register: cgit_selinux_module
+  tags:
+  - selinux
+
+- name: install our custom selinux policy for cgit
+  command: semodule -i /usr/local/share/selinux/git_script_t.pp
+  when: cgit_selinux_module|changed
+  tags:
+  - selinux
+
 - name: Create /var/cache/cgit/repo-list.rc if does not exists (it last 30 minutes to generate)
   command: /etc/cron.hourly/copr-dist-git creates=/var/cache/cgit/repo-list.rc