From f580d72f24b20fc4575971d443b2637fc596535a Mon Sep 17 00:00:00 2001
From: Pierre-Yves Chibon
Date: Tue, 10 Nov 2020 15:49:30 +0100
Subject: [PATCH] distgit: add the missing headers in the http_policy policy

Signed-off-by: Pierre-Yves Chibon
---
 roles/distgit/files/http_policy.te | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/roles/distgit/files/http_policy.te b/roles/distgit/files/http_policy.te
index 5f41da0b9e..77f61b74f8 100644
--- a/roles/distgit/files/http_policy.te
+++ b/roles/distgit/files/http_policy.te
@@ -1,3 +1,19 @@
+module http_policy 1.0;
+
+require {
+ type gitosis_var_lib_t;
+ type httpd_sys_script_t;
+ type httpd_t;
+ type shadow_t;
+ type var_t;
+ type git_content_t;
+ class process setrlimit;
+ class capability { audit_write dac_read_search setgid setuid sys_resource };
+ class netlink_audit_socket { create nlmsg_relay };
+ class file { create getattr link open read rename setattr unlink write };
+ class dir { add_name create getattr remove_name rmdir search write };
+}
+
 #============= httpd_sys_script_t ==============
 allow httpd_sys_script_t git_content_t:dir search;
 allow httpd_sys_script_t gitosis_var_lib_t:dir { getattr search };
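Review bot: The new `require` block declares `type shadow_t;` and `class capability { audit_write dac_read_search setgid setuid sys_resource };` with no comment explaining why a web-server domain needs them. The allow rules that use these are outside this hunk, but they presumably give an httpd domain access to shadow-labelled files and identity-changing capabilities. A short comment above the block would let a later reviewer judge whether each grant is still needed, for example `# shadow_t, setuid/setgid and netlink_audit_socket are required by <component> for <reason>; drop them here if the matching allow rules are removed`. Only three allow rules are visible here, so it is also worth compiling the module with `checkmodule` to confirm that every type and permission used further down the file is covered by this block.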