diff --git a/roles/copr/dist_git/files/git_script_t.pp b/roles/copr/dist_git/files/git_script_t.pp
new file mode 100644
index 0000000000..c9e93ecbba
Binary files /dev/null and b/roles/copr/dist_git/files/git_script_t.pp differ
diff --git a/roles/copr/dist_git/files/git_script_t.te b/roles/copr/dist_git/files/git_script_t.te
new file mode 100644
index 0000000000..1c1f6cdbce
--- /dev/null
+++ b/roles/copr/dist_git/files/git_script_t.te
@@ -0,0 +1,9 @@
+module git_script_t 1.0.1;
+
+require {
+ type git_script_t;
+ type git_user_content_t;
+ class file { map };
+}
+
+allow git_script_t git_user_content_t:file map;
diff --git a/roles/copr/dist_git/tasks/main.yml b/roles/copr/dist_git/tasks/main.yml
index f22a6d0864..f773677d63 100644
--- a/roles/copr/dist_git/tasks/main.yml
+++ b/roles/copr/dist_git/tasks/main.yml
@@ -95,5 +95,17 @@
 - "dist-git.socket"
 - "copr-dist-git"
 
+- name: copy over our custom selinux policy for cgit
+ copy: src=git_script_t.pp dest=/usr/local/share/selinux/git_script_t.pp
+ register: cgit_selinux_module
+ tags:
+ - selinux
+
+- name: install our custom selinux policy for cgit
+ command: semodule -i /usr/local/share/selinux/git_script_t.pp
+ when: cgit_selinux_module|changed
+ tags:
+ - selinux
+
 - name: Create /var/cache/cgit/repo-list.rc if does not exists (it last 30 minutes to generate)
 command: /etc/cron.hourly/copr-dist-git creates=/var/cache/cgit/repo-list.rc
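Review bot: Nothing in this change ties the binary `git_script_t.pp` that actually gets loaded to the nine source lines reviewed here, so the committed policy cannot be audited from the diff. The rule itself is narrow (one `map` permission on one type pair), but the file carries no comment saying which denial it answers or how the binary was produced. I would add a header such as `# cgit (git_script_t) needs to mmap repository files labelled git_user_content_t` and `# build: checkmodule -M -m -o git_script_t.mod git_script_t.te && semodule_package -o git_script_t.pp -m git_script_t.mod`, or compile the module on the host from the `.te` so only reviewable source is shipped. Naming the module identically to the type `git_script_t` also makes `semodule -l` output ambiguous; a distinct name would read more clearly.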
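Review bot: The install task is gated only on the copy reporting a change (`when: cgit_selinux_module|changed`), so if `semodule -i` fails once, or the module is later removed on the host, later runs see an unchanged file and skip the load, leaving cgit without the policy and no task failing. Gating on the loaded state is more robust, for example a preceding `semodule -l` task registered with `changed_when: false` and a `when:` that tests its stdout for the module name. The copy task also leaves ownership and mode to defaults for a file that root subsequently loads into the policy store; `copy: src=git_script_t.pp dest=/usr/local/share/selinux/git_script_t.pp owner=root group=root mode=0644` makes that explicit. The hunk does not show whether `/usr/local/share/selinux` is created earlier in the role, which is worth confirming since `copy` will not create the parent directory. On newer Ansible the filter form should be written `cgit_selinux_module is changed`.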