More SELinux rules.

diff --git a/passenger.te b/passenger.te
index e2e43af..6105bda 100644 (file)
--- a/passenger.te
+++ b/passenger.te
@@ -26,10 +26,12 @@ allow httpd_t passenger_tmp_t:sock_file write;
 
 #============= passenger_t ==============
 allow passenger_t ifconfig_exec_t:file { read getattr open execute execute_no_trans };
-allow passenger_t locale_t:file getattr;
+allow passenger_t locale_t:file { getattr read open };
 allow passenger_t proc_net_t:file { read getattr open };
 allow passenger_t puppet_var_lib_t:dir { create rmdir };
 allow passenger_t puppet_var_lib_t:file { relabelfrom relabelto };
+allow passenger_t anon_inodefs_t:file { write read };
+allow passenger_t httpd_t:unix_stream_socket getattr;
 
 #!!!! This avc can be allowed using the boolean 'allow_ypbind'
 allow passenger_t self:tcp_socket listen;