diff --git a/selinux/koji-sign.te b/selinux/koji-sign.te
index 8c99589..b510806 100644
--- a/selinux/koji-sign.te
+++ b/selinux/koji-sign.te
@@ -6,17 +6,18 @@ require {
 type devpts_t;
 type httpd_t;
 type ptmx_t;
+ type rpm_var_lib_t;
 class chr_file { getattr ioctl open read write };
 class dir { add_name remove_name setattr write };
- class file { create link unlink write };
+ class file { create link map unlink write };
 class sock_file { create getattr setattr unlink write };
 }
 #============= httpd_t ==============
-#!!!! This avc is allowed in the current policy
 allow httpd_t devpts_t:chr_file open;
 allow httpd_t ptmx_t:chr_file { getattr ioctl open read write };
 allow httpd_t etc_t:dir { add_name remove_name setattr write };
 allow httpd_t etc_t:file { create link unlink write };
 allow httpd_t etc_t:sock_file { create getattr setattr unlink write };
+allow httpd_t rpm_var_lib_t:file map;
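Review bot: The added `allow httpd_t rpm_var_lib_t:file map;` at the end of the hunk is granted to the whole httpd_t domain, so everything served by that httpd gets it, not only the signing code, and the file does not record which access required it. A comment above the rule would keep the grant reviewable, for example `# <component> mmap()s the rpm database; added for AVC denial <reference>`. The rule covers only `map`, so read and open on rpm_var_lib_t are presumably already allowed by the base policy; that is worth confirming on a target host with `sesearch -A -s httpd_t -t rpm_var_lib_t -c file`. The hunk also drops the audit2allow annotation above `allow httpd_t devpts_t:chr_file open;` but keeps the rule; if the base policy still allows that access, removing the rule as well would limit the module to what it actually adds.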