From 7f3a98da18a796a5df1f39e21010a1f80355f0ba Mon Sep 17 00:00:00 2001
From: Trevor Batley
Date: Sun, 29 Sep 2024 11:35:32 +1000
Subject: [PATCH] slight tweak to koji-sign sepolicy
---
 selinux/koji-sign.te | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/selinux/koji-sign.te b/selinux/koji-sign.te
index 8c99589..b510806 100644
--- a/selinux/koji-sign.te
+++ b/selinux/koji-sign.te
@@ -6,17 +6,18 @@ require {
 type devpts_t;
 type httpd_t;
 type ptmx_t;
+ type rpm_var_lib_t;
 class chr_file { getattr ioctl open read write };
 class dir { add_name remove_name setattr write };
- class file { create link unlink write };
+ class file { create link map unlink write };
 class sock_file { create getattr setattr unlink write };
 }
 #============= httpd_t ==============
-#!!!! This avc is allowed in the current policy
 allow httpd_t devpts_t:chr_file open;
 allow httpd_t ptmx_t:chr_file { getattr ioctl open read write };
 allow httpd_t etc_t:dir { add_name remove_name setattr write };
 allow httpd_t etc_t:file { create link unlink write };
 allow httpd_t etc_t:sock_file { create getattr setattr unlink write };
+allow httpd_t rpm_var_lib_t:file map;
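Review bot: The added last rule, `allow httpd_t rpm_var_lib_t:file map;`, applies to the whole `httpd_t` domain and records nowhere which denial it answers, so a later reader cannot tell whether it is still needed or which component relies on it. I would put a comment above it along the lines of `# koji-sign: rpm memory-maps its database files (AVC: <denial summary from audit.log>)`, filled in from the real audit record. The same hunk deletes the `#!!!! This avc is allowed in the current policy` marker but keeps the `devpts_t:chr_file open` rule it described; if the base policy does already allow that access, dropping the rule rather than the marker would keep the module limited to what it actually adds. Every `allow` here is available to any code running as `httpd_t`, not only the signing path, so a dedicated domain for the signing helper would be the tighter shape in the long run. The module header sits outside the hunk, so I cannot tell from here how practical that is.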