From af8ab671e55dda7b31050388147904918c6a1fc0 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Franti=C5=A1ek=20Dvo=C5=99=C3=A1k?=
Date: Mon, 9 Jun 2014 16:25:03 +0200
Subject: [PATCH] More SELinux rules.

---
 passenger.te | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/passenger.te b/passenger.te
index e2e43af..6105bda 100644
--- a/passenger.te
+++ b/passenger.te
@@ -26,10 +26,12 @@ allow httpd_t passenger_tmp_t:sock_file write;
 
 #============= passenger_t ==============
 allow passenger_t ifconfig_exec_t:file { read getattr open execute execute_no_trans };
-allow passenger_t locale_t:file getattr;
+allow passenger_t locale_t:file { getattr read open };
 allow passenger_t proc_net_t:file { read getattr open };
 allow passenger_t puppet_var_lib_t:dir { create rmdir };
 allow passenger_t puppet_var_lib_t:file { relabelfrom relabelto };
+allow passenger_t anon_inodefs_t:file { write read };
+allow passenger_t httpd_t:unix_stream_socket getattr;
 
 #!!!! This avc can be allowed using the boolean 'allow_ypbind'
 allow passenger_t self:tcp_socket listen;
-- 
1.8.2.3
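Review bot: The two added rules reference `anon_inodefs_t` and the class `unix_stream_socket`, neither of which appears elsewhere in this hunk, and the diffstat (3 insertions, 1 deletion) shows nothing else in the file was touched. The top of passenger.te is outside the hunk, but if the module declares its externals in a `require { ... }` block, as the audit2allow-style comments suggest, it needs `type anon_inodefs_t;` and `class unix_stream_socket getattr;` there unless they were already present; otherwise the module will not compile. Separately, neither the commit message nor the file records which denial each new permission answers, so a later least-privilege review cannot tell whether `anon_inodefs_t:file { write read }` is still needed. A short comment above each rule naming the denied operation would fix that, for example `# <operation that was denied> (from AVC, <date>)`.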