policy_module(nfscgi, 1.0.0) require { type httpd_git_script_t; type git_script_t; type git_system_t; type httpd_git_content_t; type nfs_t; class dir { create write search add_name remove_name getattr open }; class file { create write rename setattr read open }; } allow git_system_t httpd_git_content_t:dir { getattr read open }; allow git_system_t httpd_git_content_t:file { read open getattr }; allow httpd_git_script_t nfs_t:dir { write }; allow git_system_t httpd_git_content_t:dir { search }; allow httpd_git_script_t nfs_t:dir { create write add_name remove_name }; allow httpd_git_script_t nfs_t:file { create write rename setattr }; allow git_script_t nfs_t:file { unlink link };