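# koji-sign: local SELinux policy module extending the web server domain
# (httpd_t). The header and "#!!!!" annotation below look like audit2allow
# output, i.e. rules derived from logged AVC denials rather than designed.
#
# Layout fix: one statement per line. When the module sits on a single
# physical line, the first '#' turns everything after it into a comment,
# so none of the allow rules are compiled.
module koji-sign 1.0;

require {
	type etc_t;
	type devpts_t;
	type httpd_t;
	type ptmx_t;
	class chr_file { getattr ioctl open read write };
	class dir { add_name remove_name setattr write };
	class file { create link unlink write };
	class sock_file { create getattr setattr unlink write };
}

#============= httpd_t ==============

# Pseudo-terminal access: lets httpd_t open the pty multiplexer (ptmx_t)
# and a pty slave (devpts_t). Presumably the signing step run under the
# web server needs a terminal; confirm against the caller.
#!!!! This avc is allowed in the current policy
allow httpd_t devpts_t:chr_file open;
allow httpd_t ptmx_t:chr_file { getattr ioctl open read write };

# NOTE(review): etc_t is the generic label for most content under /etc.
# The three rules below let every process in httpd_t add and remove
# entries, create, hard-link, unlink and write files, and create and
# remove sockets in any etc_t directory, limited only by Unix file
# permissions. A compromised web application would get the same access.
# Prefer labelling the signing directory with a dedicated type
# (placeholder: <koji_sign_rw_t>, assigned through a file-context entry)
# and granting these permissions on that type instead of etc_t.
allow httpd_t etc_t:dir { add_name remove_name setattr write };
allow httpd_t etc_t:file { create link unlink write };
allow httpd_t etc_t:sock_file { create getattr setattr unlink write };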