diff --git a/apache.if b/apache.if

index fac6fe5..804867a 100644

--- a/apache.if

+++ b/apache.if

@@ -14,99 +14,123 @@

 template(`apache_content_template',`

 	gen_require(`

 		attribute httpd_exec_scripts, httpd_script_exec_type;

-		type httpd_t, httpd_suexec_t, httpd_log_t;

-		type httpd_sys_content_t;

+		type httpd_t, httpd_suexec_t;

 		attribute httpd_script_type, httpd_content_type;

 	')

 	#This type is for webpages

-	type httpd_$1_content_t; # customizable;

-	typeattribute httpd_$1_content_t httpd_content_type;

-	typealias httpd_$1_content_t alias httpd_$1_script_ro_t;

-	files_type(httpd_$1_content_t)

+	type $1_content_t; # customizable;

+	typeattribute $1_content_t httpd_content_type;

+	typealias $1_content_t alias httpd_$1_script_ro_t;

+	files_type($1_content_t)

 	# This type is used for .htaccess files

-	type httpd_$1_htaccess_t, httpd_content_type; # customizable;

-	typeattribute httpd_$1_htaccess_t httpd_content_type;

-	files_type(httpd_$1_htaccess_t)

+	type $1_htaccess_t, httpd_content_type; # customizable;

+	typeattribute $1_htaccess_t httpd_content_type;

+	files_type($1_htaccess_t)

 	# Type that CGI scripts run as

-	type httpd_$1_script_t,	httpd_script_type;

-	domain_type(httpd_$1_script_t)

-	role system_r types httpd_$1_script_t;

+	type $1_script_t,	httpd_script_type;

+	domain_type($1_script_t)

+	role system_r types $1_script_t;

-	kernel_read_system_state(httpd_$1_script_t)

+	kernel_read_system_state($1_script_t)

 	# This type is used for executable scripts files

-	type httpd_$1_script_exec_t, httpd_script_exec_type; # customizable;

-	typeattribute httpd_$1_script_exec_t httpd_content_type;

-	domain_entry_file(httpd_$1_script_t, httpd_$1_script_exec_t)

+	type $1_script_exec_t, httpd_script_exec_type; # customizable;

+	typeattribute $1_script_exec_t httpd_content_type;

+	domain_entry_file($1_script_t, $1_script_exec_t)

-	type httpd_$1_rw_content_t; # customizable

-	typeattribute httpd_$1_rw_content_t httpd_content_type;

-	typealias httpd_$1_rw_content_t alias { httpd_$1_script_rw_t httpd_$1_content_rw_t };

-	files_type(httpd_$1_rw_content_t)

+	type $1_rw_content_t; # customizable

+	typeattribute $1_rw_content_t httpd_content_type;

+	typealias $1_rw_content_t alias { $1_script_rw_t };

+	files_type($1_rw_content_t)

-	type httpd_$1_ra_content_t, httpd_content_type; # customizable

-	typeattribute httpd_$1_ra_content_t httpd_content_type;

-	typealias httpd_$1_ra_content_t alias { httpd_$1_script_ra_t httpd_$1_content_ra_t };

-	files_type(httpd_$1_ra_content_t)

+	type $1_ra_content_t, httpd_content_type; # customizable

+	typeattribute $1_ra_content_t httpd_content_type;

+	typealias $1_ra_content_t alias { $1_script_ra_t $1_content_ra_t };

+	files_type($1_ra_content_t)

 	# Allow the script process to search the cgi directory, and users directory

-	allow httpd_$1_script_t httpd_$1_content_t:dir search_dir_perms;

+	allow $1_script_t $1_content_t:dir search_dir_perms;

-	can_exec(httpd_$1_script_t, httpd_$1_script_exec_t)

-	allow httpd_$1_script_t httpd_$1_script_exec_t:dir list_dir_perms;

+	can_exec($1_script_t, $1_script_exec_t)

+	allow $1_script_t $1_script_exec_t:dir list_dir_perms;

-	allow httpd_$1_script_t httpd_$1_ra_content_t:dir { list_dir_perms add_entry_dir_perms };

-	read_files_pattern(httpd_$1_script_t, httpd_$1_ra_content_t, httpd_$1_ra_content_t)

-	append_files_pattern(httpd_$1_script_t, httpd_$1_ra_content_t, httpd_$1_ra_content_t)

-	create_files_pattern(httpd_$1_script_t, httpd_$1_ra_content_t, httpd_$1_ra_content_t)

-	read_lnk_files_pattern(httpd_$1_script_t, httpd_$1_ra_content_t, httpd_$1_ra_content_t)

+	allow $1_script_t $1_ra_content_t:dir { list_dir_perms add_entry_dir_perms };

+	read_files_pattern($1_script_t, $1_ra_content_t, $1_ra_content_t)

+	append_files_pattern($1_script_t, $1_ra_content_t, $1_ra_content_t)

+	create_files_pattern($1_script_t, $1_ra_content_t, $1_ra_content_t)

+	read_lnk_files_pattern($1_script_t, $1_ra_content_t, $1_ra_content_t)

-	allow httpd_$1_script_t httpd_$1_content_t:dir list_dir_perms;

-	read_files_pattern(httpd_$1_script_t, httpd_$1_content_t, httpd_$1_content_t)

-	read_lnk_files_pattern(httpd_$1_script_t, httpd_$1_content_t, httpd_$1_content_t)

+	allow $1_script_t $1_content_t:dir list_dir_perms;

+	read_files_pattern($1_script_t, $1_content_t, $1_content_t)

+	read_lnk_files_pattern($1_script_t, $1_content_t, $1_content_t)

-	manage_dirs_pattern(httpd_$1_script_t, httpd_$1_rw_content_t, httpd_$1_rw_content_t)

-	manage_files_pattern(httpd_$1_script_t, httpd_$1_rw_content_t, httpd_$1_rw_content_t)

-	manage_lnk_files_pattern(httpd_$1_script_t, httpd_$1_rw_content_t, httpd_$1_rw_content_t)

-	manage_fifo_files_pattern(httpd_$1_script_t, httpd_$1_rw_content_t, httpd_$1_rw_content_t)

-	manage_sock_files_pattern(httpd_$1_script_t, httpd_$1_rw_content_t, httpd_$1_rw_content_t)

+	manage_dirs_pattern($1_script_t, $1_rw_content_t, $1_rw_content_t)

+	manage_files_pattern($1_script_t, $1_rw_content_t, $1_rw_content_t)

+	manage_lnk_files_pattern($1_script_t, $1_rw_content_t, $1_rw_content_t)

+	manage_fifo_files_pattern($1_script_t, $1_rw_content_t, $1_rw_content_t)

+	manage_sock_files_pattern($1_script_t, $1_rw_content_t, $1_rw_content_t)

 	# Allow the web server to run scripts and serve pages

 	tunable_policy(`httpd_builtin_scripting',`

-		manage_dirs_pattern(httpd_t, httpd_$1_rw_content_t, httpd_$1_rw_content_t)

-		manage_files_pattern(httpd_t, httpd_$1_rw_content_t, httpd_$1_rw_content_t)

-		manage_lnk_files_pattern(httpd_t, httpd_$1_rw_content_t, httpd_$1_rw_content_t)

-		rw_sock_files_pattern(httpd_t, httpd_$1_rw_content_t, httpd_$1_rw_content_t)

+		manage_dirs_pattern(httpd_t, $1_rw_content_t, $1_rw_content_t)

+		manage_files_pattern(httpd_t, $1_rw_content_t, $1_rw_content_t)

+		manage_lnk_files_pattern(httpd_t, $1_rw_content_t, $1_rw_content_t)

+		rw_sock_files_pattern(httpd_t, $1_rw_content_t, $1_rw_content_t)

-		allow httpd_t httpd_$1_ra_content_t:dir { add_entry_dir_perms };

-		read_files_pattern(httpd_t, httpd_$1_ra_content_t, httpd_$1_ra_content_t)

-		append_files_pattern(httpd_t, httpd_$1_ra_content_t, httpd_$1_ra_content_t)

-		create_files_pattern(httpd_t, httpd_$1_ra_content_t, httpd_$1_ra_content_t)

-		read_lnk_files_pattern(httpd_t, httpd_$1_ra_content_t, httpd_$1_ra_content_t)

+		allow httpd_t $1_ra_content_t:dir { add_entry_dir_perms };

+		read_files_pattern(httpd_t, $1_ra_content_t, $1_ra_content_t)

+		append_files_pattern(httpd_t, $1_ra_content_t, $1_ra_content_t)

+		create_files_pattern(httpd_t, $1_ra_content_t, $1_ra_content_t)

+		read_lnk_files_pattern(httpd_t, $1_ra_content_t, $1_ra_content_t)

 	')

 	tunable_policy(`httpd_enable_cgi',`

-		allow httpd_$1_script_t httpd_$1_script_exec_t:file entrypoint;

+		allow $1_script_t $1_script_exec_t:file entrypoint;

-		domtrans_pattern(httpd_suexec_t, httpd_$1_script_exec_t, httpd_$1_script_t)

+		domtrans_pattern(httpd_suexec_t, $1_script_exec_t, $1_script_t)

 		# privileged users run the script:

-		domtrans_pattern(httpd_exec_scripts, httpd_$1_script_exec_t, httpd_$1_script_t)

+		domtrans_pattern(httpd_exec_scripts, $1_script_exec_t, $1_script_t)

-		allow httpd_exec_scripts httpd_$1_script_exec_t:file read_file_perms;

+		allow httpd_exec_scripts $1_script_exec_t:file read_file_perms;

 		# apache runs the script:

-		domtrans_pattern(httpd_t, httpd_$1_script_exec_t, httpd_$1_script_t)

-		allow httpd_t httpd_$1_script_t:unix_dgram_socket sendto;

+		domtrans_pattern(httpd_t, $1_script_exec_t, $1_script_t)

+		allow httpd_t $1_script_t:unix_dgram_socket sendto;

 	')

 ')

 ########################################

 ## <summary>

+##	Create a set of derived types for apache

+##	web content.

+## </summary>

+## <param name="prefix">

+##	<summary>

+##	The prefix to be used for deriving new type names.

+##	</summary>

+## </param>

+## <param name="oldprefix">

+##	<summary>

+##	The prefix to be used for deriving old type names.

+##	</summary>

+## </param>

+#

+template(`apache_content_alias_template',`

+	typealias $1_htaccess_t alias httpd_$2_htaccess_t;

+	typealias $1_script_t alias httpd_$2_script_t;

+	typealias $1_script_exec_t alias httpd_$2_script_exec_t;

+	typealias $1_content_t alias httpd_$2_content_t;

+	typealias $1_rw_content_t alias httpd_$2_script_rw_content_t;

+	typealias $1_ra_content_t alias httpd_$2_script_ra_content_t;

+')

+

+########################################

+## <summary>

 ##	Role access for apache

 ## </summary>

 ## <param name="role">

diff --git a/apache.te b/apache.te

index 0e09bca..85e992e 100644

--- a/apache.te

+++ b/apache.te

@@ -370,7 +370,7 @@ type httpd_suexec_tmp_t;

 files_tmp_file(httpd_suexec_tmp_t)

 # setup the system domain for system CGI scripts

-apache_content_template(sys)

+apache_content_template(httpd_sys)

 typeattribute httpd_sys_content_t httpdcontent; # customizable

 typeattribute httpd_sys_rw_content_t httpdcontent; # customizable

@@ -389,7 +389,7 @@ files_tmp_file(httpd_tmp_t)

 type httpd_tmpfs_t;

 files_tmpfs_file(httpd_tmpfs_t)

-apache_content_template(user)

+apache_content_template(httpd_user)

 ubac_constrained(httpd_user_script_t)

 typeattribute httpd_user_content_t httpdcontent;

@@ -1619,6 +1619,7 @@ allow httpd_t httpd_script_exec_type:dir list_dir_perms;

 allow httpd_script_type self:process { setsched signal_perms };

 allow httpd_script_type self:unix_stream_socket create_stream_socket_perms;

 allow httpd_script_type self:unix_dgram_socket create_socket_perms;

+allow httpd_script_type httpd_t:unix_stream_socket rw_stream_socket_perms;

 allow httpd_script_type httpd_t:fd use;

 allow httpd_script_type httpd_t:process sigchld;

diff --git a/apcupsd.fc b/apcupsd.fc

index 1c37fe1..274704f 100644

--- a/apcupsd.fc

+++ b/apcupsd.fc

@@ -14,8 +14,8 @@

 /var/run/apcupsd\.pid	--	gen_context(system_u:object_r:apcupsd_var_run_t,s0)

-/var/www/apcupsd/multimon\.cgi	--	gen_context(system_u:object_r:httpd_apcupsd_cgi_script_exec_t,s0)

-/var/www/apcupsd/upsfstats\.cgi	--	gen_context(system_u:object_r:httpd_apcupsd_cgi_script_exec_t,s0)

-/var/www/apcupsd/upsimage\.cgi	--	gen_context(system_u:object_r:httpd_apcupsd_cgi_script_exec_t,s0)

-/var/www/apcupsd/upsstats\.cgi	--	gen_context(system_u:object_r:httpd_apcupsd_cgi_script_exec_t,s0)

-/var/www/cgi-bin/apcgui(/.*)?	gen_context(system_u:object_r:httpd_apcupsd_cgi_script_exec_t,s0)

+/var/www/apcupsd/multimon\.cgi	--	gen_context(system_u:object_r:apcupsd_cgi_script_exec_t,s0)

+/var/www/apcupsd/upsfstats\.cgi	--	gen_context(system_u:object_r:apcupsd_cgi_script_exec_t,s0)

+/var/www/apcupsd/upsimage\.cgi	--	gen_context(system_u:object_r:apcupsd_cgi_script_exec_t,s0)

+/var/www/apcupsd/upsstats\.cgi	--	gen_context(system_u:object_r:apcupsd_cgi_script_exec_t,s0)

+/var/www/cgi-bin/apcgui(/.*)?	gen_context(system_u:object_r:apcupsd_cgi_script_exec_t,s0)

diff --git a/apcupsd.if b/apcupsd.if

index b6afc90..9c06313 100644

--- a/apcupsd.if

+++ b/apcupsd.if

@@ -102,7 +102,7 @@ interface(`apcupsd_append_log',`

 ########################################

 ## <summary>

 ##	Execute a domain transition to

-##	run httpd_apcupsd_cgi_script.

+##	run apcupsd_cgi_script.

 ## </summary>

 ## <param name="domain">

 ## <summary>

@@ -112,11 +112,11 @@ interface(`apcupsd_append_log',`

 #

 interface(`apcupsd_cgi_script_domtrans',`

 	gen_require(`

-		type httpd_apcupsd_cgi_script_t, httpd_apcupsd_cgi_script_exec_t;

+		type apcupsd_cgi_script_t, apcupsd_cgi_script_exec_t;

 	')

 	files_search_var($1)

-	domtrans_pattern($1, httpd_apcupsd_cgi_script_exec_t, httpd_apcupsd_cgi_script_t)

+	domtrans_pattern($1, apcupsd_cgi_script_exec_t, apcupsd_cgi_script_t)

 	optional_policy(`

 		apache_search_sys_content($1)

diff --git a/apcupsd.te b/apcupsd.te

index b4c43c7..11c215a 100644

--- a/apcupsd.te

+++ b/apcupsd.te

@@ -116,19 +116,20 @@ optional_policy(`

 optional_policy(`

 	apache_content_template(apcupsd_cgi)

-

-	allow httpd_apcupsd_cgi_script_t self:tcp_socket create_stream_socket_perms;

-	allow httpd_apcupsd_cgi_script_t self:udp_socket create_socket_perms;

-

-	corenet_all_recvfrom_netlabel(httpd_apcupsd_cgi_script_t)

-	corenet_tcp_sendrecv_generic_if(httpd_apcupsd_cgi_script_t)

-	corenet_tcp_sendrecv_generic_node(httpd_apcupsd_cgi_script_t)

-	corenet_tcp_sendrecv_all_ports(httpd_apcupsd_cgi_script_t)

-	corenet_sendrecv_apcupsd_client_packets(httpd_apcupsd_cgi_script_t)

-	corenet_tcp_connect_apcupsd_port(httpd_apcupsd_cgi_script_t)

-	corenet_udp_sendrecv_generic_if(httpd_apcupsd_cgi_script_t)

-	corenet_udp_sendrecv_generic_node(httpd_apcupsd_cgi_script_t)

-	corenet_udp_sendrecv_all_ports(httpd_apcupsd_cgi_script_t)

-

-	sysnet_dns_name_resolve(httpd_apcupsd_cgi_script_t)

+	apache_content_alias_template(apcupsd_cgi, apcupsd_cgi)

+

+	allow apcupsd_cgi_script_t self:tcp_socket create_stream_socket_perms;

+	allow apcupsd_cgi_script_t self:udp_socket create_socket_perms;

+

+	corenet_all_recvfrom_netlabel(apcupsd_cgi_script_t)

+	corenet_tcp_sendrecv_generic_if(apcupsd_cgi_script_t)

+	corenet_tcp_sendrecv_generic_node(apcupsd_cgi_script_t)

+	corenet_tcp_sendrecv_all_ports(apcupsd_cgi_script_t)

+	corenet_sendrecv_apcupsd_client_packets(apcupsd_cgi_script_t)

+	corenet_tcp_connect_apcupsd_port(apcupsd_cgi_script_t)

+	corenet_udp_sendrecv_generic_if(apcupsd_cgi_script_t)

+	corenet_udp_sendrecv_generic_node(apcupsd_cgi_script_t)

+	corenet_udp_sendrecv_all_ports(apcupsd_cgi_script_t)

+

+	sysnet_dns_name_resolve(apcupsd_cgi_script_t)

 ')

diff --git a/awstats.fc b/awstats.fc

index 11e6d5f..73b4ea4 100644

--- a/awstats.fc

+++ b/awstats.fc

@@ -1,5 +1,5 @@

 /usr/share/awstats/tools/.+\.pl	--	gen_context(system_u:object_r:awstats_exec_t,s0)

-/usr/share/awstats/wwwroot(/.*)?	gen_context(system_u:object_r:httpd_awstats_content_t,s0)

-/usr/share/awstats/wwwroot/cgi-bin(/.*)?	gen_context(system_u:object_r:httpd_awstats_script_exec_t,s0)

+/usr/share/awstats/wwwroot(/.*)?	gen_context(system_u:object_r:awstats_content_t,s0)

+/usr/share/awstats/wwwroot/cgi-bin(/.*)?	gen_context(system_u:object_r:awstats_script_exec_t,s0)

 /var/lib/awstats(/.*)?	gen_context(system_u:object_r:awstats_var_lib_t,s0)

diff --git a/awstats.te b/awstats.te

index c222135..ffbf2cb 100644

--- a/awstats.te

+++ b/awstats.te

@@ -26,6 +26,7 @@ type awstats_var_lib_t;

 files_type(awstats_var_lib_t)

 apache_content_template(awstats)

+apache_content_alias_template(awstats, awstats)

 ########################################

 #

@@ -40,9 +41,9 @@ files_tmp_filetrans(awstats_t, awstats_tmp_t, { dir file })

 manage_files_pattern(awstats_t, awstats_var_lib_t, awstats_var_lib_t)

-allow awstats_t { httpd_awstats_content_t  httpd_awstats_script_exec_t }:dir search_dir_perms;

+allow awstats_t { awstats_content_t  awstats_script_exec_t }:dir search_dir_perms;

-can_exec(awstats_t, { awstats_exec_t httpd_awstats_script_exec_t })

+can_exec(awstats_t, { awstats_exec_t awstats_script_exec_t })

 kernel_dontaudit_read_system_state(awstats_t)

@@ -86,13 +87,13 @@ optional_policy(`

 # CGI local policy

 #

-apache_read_log(httpd_awstats_script_t)

+apache_read_log(awstats_script_t)

-manage_dirs_pattern(httpd_awstats_script_t, awstats_tmp_t, awstats_tmp_t)

-manage_files_pattern(httpd_awstats_script_t, awstats_tmp_t, awstats_tmp_t)

-files_tmp_filetrans(httpd_awstats_script_t, awstats_tmp_t, { dir file })

+manage_dirs_pattern(awstats_script_t, awstats_tmp_t, awstats_tmp_t)

+manage_files_pattern(awstats_script_t, awstats_tmp_t, awstats_tmp_t)

+files_tmp_filetrans(awstats_script_t, awstats_tmp_t, { dir file })

-allow httpd_awstats_script_t awstats_var_lib_t:dir list_dir_perms;

+allow awstats_script_t awstats_var_lib_t:dir list_dir_perms;

-read_files_pattern(httpd_awstats_script_t, awstats_var_lib_t, awstats_var_lib_t)

-files_search_var_lib(httpd_awstats_script_t)

+read_files_pattern(awstats_script_t, awstats_var_lib_t, awstats_var_lib_t)

+files_search_var_lib(awstats_script_t)

diff --git a/bugzilla.fc b/bugzilla.fc

index fb6e397..9efceac 100644

--- a/bugzilla.fc

+++ b/bugzilla.fc

@@ -1,4 +1,4 @@

-/usr/share/bugzilla(/.*)?		gen_context(system_u:object_r:httpd_bugzilla_content_t,s0)

-/usr/share/bugzilla/.*\.cgi	--	gen_context(system_u:object_r:httpd_bugzilla_script_exec_t,s0)

+/usr/share/bugzilla(/.*)?		gen_context(system_u:object_r:bugzilla_content_t,s0)

+/usr/share/bugzilla/.*\.cgi	--	gen_context(system_u:object_r:bugzilla_script_exec_t,s0)

-/var/lib/bugzilla(/.*)?	gen_context(system_u:object_r:httpd_bugzilla_rw_content_t,s0)

+/var/lib/bugzilla(/.*)?	gen_context(system_u:object_r:bugzilla_rw_content_t,s0)

diff --git a/bugzilla.if b/bugzilla.if

index bf0cefa..d9ea246 100644

--- a/bugzilla.if

+++ b/bugzilla.if

@@ -12,10 +12,10 @@

 #

 interface(`bugzilla_search_content',`

 	gen_require(`

-		type httpd_bugzilla_content_t;

+		type bugzilla_content_t;

 	')

-	allow $1 httpd_bugzilla_content_t:dir search_dir_perms;

+	allow $1 bugzilla_content_t:dir search_dir_perms;

 ')

 ########################################

@@ -32,10 +32,10 @@ interface(`bugzilla_search_content',`

 #

 interface(`bugzilla_dontaudit_rw_stream_sockets',`

 	gen_require(`

-		type httpd_bugzilla_script_t;

+		type bugzilla_script_t;

 	')

-	dontaudit $1 httpd_bugzilla_script_t:unix_stream_socket { read write };

+	dontaudit $1 bugzilla_script_t:unix_stream_socket { read write };

 ')

 ########################################

@@ -51,32 +51,32 @@ interface(`bugzilla_dontaudit_rw_stream_sockets',`

 #

 interface(`bugzilla_admin',`

 	gen_require(`

-		type httpd_bugzilla_script_t, httpd_bugzilla_content_t, httpd_bugzilla_ra_content_t;

-		type httpd_bugzilla_rw_content_t, httpd_bugzilla_script_exec_t;

-		type httpd_bugzilla_htaccess_t, httpd_bugzilla_tmp_t;

+		type bugzilla_script_t, bugzilla_content_t, bugzilla_ra_content_t;

+		type bugzilla_rw_content_t, bugzilla_script_exec_t;

+		type bugzilla_htaccess_t, bugzilla_tmp_t;

 	')

-	allow $1 httpd_bugzilla_script_t:process signal_perms;

-	ps_process_pattern($1, httpd_bugzilla_script_t)

+	allow $1 bugzilla_script_t:process signal_perms;

+	ps_process_pattern($1, bugzilla_script_t)

 	tunable_policy(`deny_ptrace',`',`

-		allow $1 httpd_bugzilla_script_t:process ptrace;

+		allow $1 bugzilla_script_t:process ptrace;

 	')

 	files_list_tmp($1)

-	admin_pattern($1, httpd_bugzilla_tmp_t)

+	admin_pattern($1, bugzilla_tmp_t)

-	files_list_var_lib(httpd_bugzilla_script_t)

+	files_list_var_lib(bugzilla_script_t)

-	admin_pattern($1, httpd_bugzilla_script_exec_t)

-	admin_pattern($1, httpd_bugzilla_script_t)

-	admin_pattern($1, httpd_bugzilla_content_t)

-	admin_pattern($1, httpd_bugzilla_htaccess_t)

-	admin_pattern($1, httpd_bugzilla_ra_content_t)

+	admin_pattern($1, bugzilla_script_exec_t)

+	admin_pattern($1, bugzilla_script_t)

+	admin_pattern($1, bugzilla_content_t)

+	admin_pattern($1, bugzilla_htaccess_t)

+	admin_pattern($1, bugzilla_ra_content_t)

 	files_search_tmp($1)

 	files_search_var_lib($1)

-	admin_pattern($1, httpd_bugzilla_rw_content_t)

+	admin_pattern($1, bugzilla_rw_content_t)

 	optional_policy(`

 		apache_list_sys_content($1)

diff --git a/bugzilla.te b/bugzilla.te

index d9f3061..c62f617 100644

--- a/bugzilla.te

+++ b/bugzilla.te

@@ -6,54 +6,55 @@ policy_module(bugzilla, 1.1.0)

 #

 apache_content_template(bugzilla)

+apache_content_alias_template(bugzilla, bugzilla)

-type httpd_bugzilla_tmp_t;

-files_tmp_file(httpd_bugzilla_tmp_t)

+type bugzilla_tmp_t alias httpd_bugzilla_tmp_t;

+files_tmp_file(bugzilla_tmp_t)

 ########################################

 #

 # Local policy

 #

-allow httpd_bugzilla_script_t self:tcp_socket { accept listen };

+allow bugzilla_script_t self:tcp_socket { accept listen };

-corenet_all_recvfrom_netlabel(httpd_bugzilla_script_t)

-corenet_tcp_sendrecv_generic_if(httpd_bugzilla_script_t)

-corenet_tcp_sendrecv_generic_node(httpd_bugzilla_script_t)

+corenet_all_recvfrom_netlabel(bugzilla_script_t)

+corenet_tcp_sendrecv_generic_if(bugzilla_script_t)

+corenet_tcp_sendrecv_generic_node(bugzilla_script_t)

-corenet_sendrecv_http_client_packets(httpd_bugzilla_script_t)

-corenet_tcp_connect_http_port(httpd_bugzilla_script_t)

-corenet_tcp_sendrecv_http_port(httpd_bugzilla_script_t)

+corenet_sendrecv_http_client_packets(bugzilla_script_t)

+corenet_tcp_connect_http_port(bugzilla_script_t)

+corenet_tcp_sendrecv_http_port(bugzilla_script_t)

-corenet_sendrecv_smtp_client_packets(httpd_bugzilla_script_t)

-corenet_tcp_connect_smtp_port(httpd_bugzilla_script_t)

-corenet_tcp_sendrecv_smtp_port(httpd_bugzilla_script_t)

+corenet_sendrecv_smtp_client_packets(bugzilla_script_t)

+corenet_tcp_connect_smtp_port(bugzilla_script_t)

+corenet_tcp_sendrecv_smtp_port(bugzilla_script_t)

-manage_dirs_pattern(httpd_bugzilla_script_t, httpd_bugzilla_tmp_t, httpd_bugzilla_tmp_t)

-manage_files_pattern(httpd_bugzilla_script_t, httpd_bugzilla_tmp_t, httpd_bugzilla_tmp_t)

-files_tmp_filetrans(httpd_bugzilla_script_t, httpd_bugzilla_tmp_t, { file dir })

+manage_dirs_pattern(bugzilla_script_t, bugzilla_tmp_t, bugzilla_tmp_t)

+manage_files_pattern(bugzilla_script_t, bugzilla_tmp_t, bugzilla_tmp_t)

+files_tmp_filetrans(bugzilla_script_t, bugzilla_tmp_t, { file dir })

-files_search_var_lib(httpd_bugzilla_script_t)

+files_search_var_lib(bugzilla_script_t)

-auth_read_passwd(httpd_bugzilla_script_t)

+auth_read_passwd(bugzilla_script_t)

-dev_read_sysfs(httpd_bugzilla_script_t)

+dev_read_sysfs(bugzilla_script_t)

-sysnet_read_config(httpd_bugzilla_script_t)

-sysnet_use_ldap(httpd_bugzilla_script_t)

+sysnet_read_config(bugzilla_script_t)

+sysnet_use_ldap(bugzilla_script_t)

-miscfiles_read_certs(httpd_bugzilla_script_t)

+miscfiles_read_certs(bugzilla_script_t)

 optional_policy(`

-	mta_send_mail(httpd_bugzilla_script_t)

+	mta_send_mail(bugzilla_script_t)

 ')

 optional_policy(`

-	mysql_stream_connect(httpd_bugzilla_script_t)

-	mysql_tcp_connect(httpd_bugzilla_script_t)

+	mysql_stream_connect(bugzilla_script_t)

+	mysql_tcp_connect(bugzilla_script_t)

 ')

 optional_policy(`

-	postgresql_stream_connect(httpd_bugzilla_script_t)

-	postgresql_tcp_connect(httpd_bugzilla_script_t)

+	postgresql_stream_connect(bugzilla_script_t)

+	postgresql_tcp_connect(bugzilla_script_t)

 ')

diff --git a/collectd.fc b/collectd.fc

index 2e7d7ed..8d70290 100644

--- a/collectd.fc

+++ b/collectd.fc

@@ -8,4 +8,4 @@

 /var/run/collectd\.pid	--	gen_context(system_u:object_r:collectd_var_run_t,s0)

-/usr/share/collectd/collection3/bin/.*\.cgi	--	gen_context(system_u:object_r:httpd_collectd_script_exec_t,s0)

+/usr/share/collectd/collection3/bin/.*\.cgi	--	gen_context(system_u:object_r:collectd_script_exec_t,s0)

diff --git a/collectd.te b/collectd.te

index dc0423c..d078b96 100644

--- a/collectd.te

+++ b/collectd.te

@@ -30,9 +30,10 @@ type collectd_unit_file_t;

 systemd_unit_file(collectd_unit_file_t)

 apache_content_template(collectd)

+apache_content_alias_template(collectd, collectd)

-type httpd_collectd_script_tmp_t;

-files_tmp_file(httpd_collectd_script_tmp_t)

+type collectd_script_tmp_t alias httpd_collectd_script_tmp_t;

+files_tmp_file(collectd_script_tmp_t)

 ########################################

 #

@@ -102,13 +103,13 @@ optional_policy(`

 #

-files_search_var_lib(httpd_collectd_script_t)	

-read_files_pattern(httpd_collectd_script_t, collectd_var_lib_t, collectd_var_lib_t)

-list_dirs_pattern(httpd_collectd_script_t, collectd_var_lib_t, collectd_var_lib_t)

-miscfiles_setattr_fonts_cache_dirs(httpd_collectd_script_t)

+files_search_var_lib(collectd_script_t)	

+read_files_pattern(collectd_script_t, collectd_var_lib_t, collectd_var_lib_t)

+list_dirs_pattern(collectd_script_t, collectd_var_lib_t, collectd_var_lib_t)

+miscfiles_setattr_fonts_cache_dirs(collectd_script_t)

-manage_dirs_pattern(httpd_collectd_script_t, httpd_collectd_script_tmp_t, httpd_collectd_script_tmp_t)

-manage_files_pattern(httpd_collectd_script_t, httpd_collectd_script_tmp_t, httpd_collectd_script_tmp_t)

-files_tmp_filetrans(httpd_collectd_script_t, httpd_collectd_script_tmp_t, { file dir })	

+manage_dirs_pattern(collectd_script_t, collectd_script_tmp_t, collectd_script_tmp_t)

+manage_files_pattern(collectd_script_t, collectd_script_tmp_t, collectd_script_tmp_t)

+files_tmp_filetrans(collectd_script_t, collectd_script_tmp_t, { file dir })	

-auth_read_passwd(httpd_collectd_script_t)

+auth_read_passwd(collectd_script_t)

diff --git a/cvs.fc b/cvs.fc

index 75c8be9..e07e602 100644

--- a/cvs.fc

+++ b/cvs.fc

@@ -4,10 +4,10 @@

 /usr/bin/cvs	--	gen_context(system_u:object_r:cvs_exec_t,s0)

-/usr/share/cvsweb/cvsweb\.cgi	--	gen_context(system_u:object_r:httpd_cvs_script_exec_t,s0)

+/usr/share/cvsweb/cvsweb\.cgi	--	gen_context(system_u:object_r:cvs_script_exec_t,s0)

 /var/cvs(/.*)?	gen_context(system_u:object_r:cvs_data_t,s0)

 /var/run/cvs\.pid	--	gen_context(system_u:object_r:cvs_var_run_t,s0)

-/var/www/cgi-bin/cvsweb\.cgi	--	gen_context(system_u:object_r:httpd_cvs_script_exec_t,s0)

+/var/www/cgi-bin/cvsweb\.cgi	--	gen_context(system_u:object_r:cvs_script_exec_t,s0)

diff --git a/cvs.te b/cvs.te

index f98a932..c3502c3 100644

--- a/cvs.te

+++ b/cvs.te

@@ -125,9 +125,10 @@ optional_policy(`

 optional_policy(`

 	apache_content_template(cvs)

+	apache_content_alias_template(cvs, cvs)

-	read_files_pattern(httpd_cvs_script_t, cvs_data_t, cvs_data_t)

-	manage_dirs_pattern(httpd_cvs_script_t, cvs_tmp_t, cvs_tmp_t)

-	manage_files_pattern(httpd_cvs_script_t, cvs_tmp_t, cvs_tmp_t)

-	files_tmp_filetrans(httpd_cvs_script_t, cvs_tmp_t, { file dir })

+	read_files_pattern(cvs_script_t, cvs_data_t, cvs_data_t)

+	manage_dirs_pattern(cvs_script_t, cvs_tmp_t, cvs_tmp_t)

+	manage_files_pattern(cvs_script_t, cvs_tmp_t, cvs_tmp_t)

+	files_tmp_filetrans(cvs_script_t, cvs_tmp_t, { file dir })

 ')

diff --git a/dirsrv-admin.fc b/dirsrv-admin.fc

index 8c44697..5e44c5e 100644

--- a/dirsrv-admin.fc

+++ b/dirsrv-admin.fc

@@ -6,8 +6,8 @@

 /usr/sbin/start-ds-admin	--	gen_context(system_u:object_r:dirsrvadmin_exec_t,s0)

 /usr/sbin/stop-ds-admin		--	gen_context(system_u:object_r:dirsrvadmin_exec_t,s0)

-/usr/lib/dirsrv/cgi-bin(/.*)?	gen_context(system_u:object_r:httpd_dirsrvadmin_script_exec_t,s0)

-/usr/lib/dirsrv/dsgw-cgi-bin(/.*)?	gen_context(system_u:object_r:httpd_dirsrvadmin_script_exec_t,s0)

+/usr/lib/dirsrv/cgi-bin(/.*)?	gen_context(system_u:object_r:dirsrvadmin_script_exec_t,s0)

+/usr/lib/dirsrv/dsgw-cgi-bin(/.*)?	gen_context(system_u:object_r:dirsrvadmin_script_exec_t,s0)

 /usr/lib/dirsrv/cgi-bin/ds_create    --  gen_context(system_u:object_r:dirsrvadmin_unconfined_script_exec_t,s0)

 /usr/lib/dirsrv/cgi-bin/ds_remove    --  gen_context(system_u:object_r:dirsrvadmin_unconfined_script_exec_t,s0)

diff --git a/dirsrv-admin.if b/dirsrv-admin.if

index 30416f2..e360d38 100644

--- a/dirsrv-admin.if

+++ b/dirsrv-admin.if

@@ -29,13 +29,13 @@ interface(`dirsrvadmin_run_exec',`

 ##	</summary>

 ## </param>

 #

-interface(`dirsrvadmin_run_httpd_script_exec',`

+interface(`dirsrvadmin_run_script_exec',`

 	gen_require(`

-		type httpd_dirsrvadmin_script_exec_t;

+		type dirsrvadmin_script_exec_t;

 	')

-	allow $1 httpd_dirsrvadmin_script_exec_t:dir search_dir_perms;

-	can_exec($1, httpd_dirsrvadmin_script_exec_t)

+	allow $1 dirsrvadmin_script_exec_t:dir search_dir_perms;

+	can_exec($1, dirsrvadmin_script_exec_t)

 ')

 ########################################

diff --git a/dirsrv-admin.te b/dirsrv-admin.te

index 021c5ae..37afbd4 100644

--- a/dirsrv-admin.te

+++ b/dirsrv-admin.te

@@ -70,59 +70,60 @@ optional_policy(`

 optional_policy(`

 	apache_content_template(dirsrvadmin)

+	apache_content_alias_template(dirsrvadmin, dirsrvadmin)

-	allow httpd_dirsrvadmin_script_t self:process { getsched getpgid };

-	allow httpd_dirsrvadmin_script_t self:capability { fowner fsetid setuid net_bind_service setgid chown sys_nice kill dac_read_search dac_override };

-	allow httpd_dirsrvadmin_script_t self:tcp_socket create_stream_socket_perms;

-	allow httpd_dirsrvadmin_script_t self:udp_socket create_socket_perms;

-	allow httpd_dirsrvadmin_script_t self:unix_dgram_socket create_socket_perms;

-	allow httpd_dirsrvadmin_script_t self:netlink_route_socket r_netlink_socket_perms;

-	allow httpd_dirsrvadmin_script_t self:sem create_sem_perms;

+	allow dirsrvadmin_script_t self:process { getsched getpgid };

+	allow dirsrvadmin_script_t self:capability { fowner fsetid setuid net_bind_service setgid chown sys_nice kill dac_read_search dac_override };

+	allow dirsrvadmin_script_t self:tcp_socket create_stream_socket_perms;

+	allow dirsrvadmin_script_t self:udp_socket create_socket_perms;

+	allow dirsrvadmin_script_t self:unix_dgram_socket create_socket_perms;

+	allow dirsrvadmin_script_t self:netlink_route_socket r_netlink_socket_perms;

+	allow dirsrvadmin_script_t self:sem create_sem_perms;

-	manage_files_pattern(httpd_dirsrvadmin_script_t, dirsrvadmin_lock_t, dirsrvadmin_lock_t)

-	files_lock_filetrans(httpd_dirsrvadmin_script_t, dirsrvadmin_lock_t, { file })

+	manage_files_pattern(dirsrvadmin_script_t, dirsrvadmin_lock_t, dirsrvadmin_lock_t)

+	files_lock_filetrans(dirsrvadmin_script_t, dirsrvadmin_lock_t, { file })

-	kernel_read_kernel_sysctls(httpd_dirsrvadmin_script_t)

+	kernel_read_kernel_sysctls(dirsrvadmin_script_t)

-	corenet_tcp_bind_generic_node(httpd_dirsrvadmin_script_t)

-	corenet_udp_bind_generic_node(httpd_dirsrvadmin_script_t)

-	corenet_all_recvfrom_netlabel(httpd_dirsrvadmin_script_t)

+	corenet_tcp_bind_generic_node(dirsrvadmin_script_t)

+	corenet_udp_bind_generic_node(dirsrvadmin_script_t)

+	corenet_all_recvfrom_netlabel(dirsrvadmin_script_t)

-	corenet_tcp_bind_http_port(httpd_dirsrvadmin_script_t)

-	corenet_tcp_connect_generic_port(httpd_dirsrvadmin_script_t)

-	corenet_tcp_connect_ldap_port(httpd_dirsrvadmin_script_t)

-	corenet_tcp_connect_http_port(httpd_dirsrvadmin_script_t)

+	corenet_tcp_bind_http_port(dirsrvadmin_script_t)

+	corenet_tcp_connect_generic_port(dirsrvadmin_script_t)

+	corenet_tcp_connect_ldap_port(dirsrvadmin_script_t)

+	corenet_tcp_connect_http_port(dirsrvadmin_script_t)

-	files_search_var_lib(httpd_dirsrvadmin_script_t)

+	files_search_var_lib(dirsrvadmin_script_t)

-	sysnet_read_config(httpd_dirsrvadmin_script_t)

+	sysnet_read_config(dirsrvadmin_script_t)

-	manage_files_pattern(httpd_dirsrvadmin_script_t, dirsrvadmin_tmp_t, dirsrvadmin_tmp_t)

-	manage_dirs_pattern(httpd_dirsrvadmin_script_t, dirsrvadmin_tmp_t, dirsrvadmin_tmp_t)

-	files_tmp_filetrans(httpd_dirsrvadmin_script_t, dirsrvadmin_tmp_t, { file dir })

+	manage_files_pattern(dirsrvadmin_script_t, dirsrvadmin_tmp_t, dirsrvadmin_tmp_t)

+	manage_dirs_pattern(dirsrvadmin_script_t, dirsrvadmin_tmp_t, dirsrvadmin_tmp_t)

+	files_tmp_filetrans(dirsrvadmin_script_t, dirsrvadmin_tmp_t, { file dir })

 	optional_policy(`

-		apache_read_modules(httpd_dirsrvadmin_script_t)

-		apache_read_config(httpd_dirsrvadmin_script_t)

-		apache_signal(httpd_dirsrvadmin_script_t)

-		apache_signull(httpd_dirsrvadmin_script_t)

+		apache_read_modules(dirsrvadmin_script_t)

+		apache_read_config(dirsrvadmin_script_t)

+		apache_signal(dirsrvadmin_script_t)

+		apache_signull(dirsrvadmin_script_t)

 	')

 	optional_policy(`

 		# The CGI scripts must be able to manage dirsrv-admin

-		dirsrvadmin_run_exec(httpd_dirsrvadmin_script_t)

-		dirsrvadmin_manage_config(httpd_dirsrvadmin_script_t)

-		dirsrv_domtrans(httpd_dirsrvadmin_script_t)

-		dirsrv_signal(httpd_dirsrvadmin_script_t)

-		dirsrv_signull(httpd_dirsrvadmin_script_t)

-		dirsrv_manage_log(httpd_dirsrvadmin_script_t)

-		dirsrv_manage_var_lib(httpd_dirsrvadmin_script_t)

-		dirsrv_pid_filetrans(httpd_dirsrvadmin_script_t)

-		dirsrv_manage_var_run(httpd_dirsrvadmin_script_t)

-		dirsrv_manage_config(httpd_dirsrvadmin_script_t)

-		dirsrv_read_share(httpd_dirsrvadmin_script_t)

+		dirsrvadmin_run_exec(dirsrvadmin_script_t)

+		dirsrvadmin_manage_config(dirsrvadmin_script_t)

+		dirsrv_domtrans(dirsrvadmin_script_t)

+		dirsrv_signal(dirsrvadmin_script_t)

+		dirsrv_signull(dirsrvadmin_script_t)

+		dirsrv_manage_log(dirsrvadmin_script_t)

+		dirsrv_manage_var_lib(dirsrvadmin_script_t)

+		dirsrv_pid_filetrans(dirsrvadmin_script_t)

+		dirsrv_manage_var_run(dirsrvadmin_script_t)

+		dirsrv_manage_config(dirsrvadmin_script_t)

+		dirsrv_read_share(dirsrvadmin_script_t)

 	')

 ')

diff --git a/dspam.fc b/dspam.fc

index 3ea0423..b5fcb77 100644

--- a/dspam.fc

+++ b/dspam.fc

@@ -2,7 +2,7 @@

 /usr/bin/dspam	--	gen_context(system_u:object_r:dspam_exec_t,s0)

-/usr/share/dspam-web/dspam\.cgi	--	gen_context(system_u:object_r:httpd_dspam_script_exec_t,s0)

+/usr/share/dspam-web/dspam\.cgi	--	gen_context(system_u:object_r:dspam_script_exec_t,s0)

 /var/lib/dspam(/.*)?	gen_context(system_u:object_r:dspam_var_lib_t,s0)

@@ -11,7 +11,7 @@

 /var/run/dspam(/.*)?	gen_context(system_u:object_r:dspam_var_run_t,s0)

 # web

-/var/www/dspam/.*\.cgi 	--	gen_context(system_u:object_r:httpd_dspam_script_exec_t,s0)

-/var/www/dspam(/.*?)		gen_context(system_u:object_r:httpd_dspam_content_t,s0)

+/var/www/dspam/.*\.cgi 	--	gen_context(system_u:object_r:dspam_script_exec_t,s0)

+/var/www/dspam(/.*?)		gen_context(system_u:object_r:dspam_content_t,s0)

-/var/lib/dspam/data(/.*)?			gen_context(system_u:object_r:httpd_dspam_rw_content_t,s0)

+/var/lib/dspam/data(/.*)?			gen_context(system_u:object_r:dspam_rw_content_t,s0)

diff --git a/dspam.te b/dspam.te

index 37c844b..1ec4d89 100644

--- a/dspam.te

+++ b/dspam.te

@@ -75,29 +75,27 @@ logging_send_syslog_msg(dspam_t)

 optional_policy(`

 	apache_content_template(dspam)

+	apache_content_alias_template(dspam, dspam)

-	read_files_pattern(httpd_dspam_script_t, dspam_var_lib_t, dspam_var_lib_t)

+	read_files_pattern(dspam_script_t, dspam_var_lib_t, dspam_var_lib_t)

-	files_search_var_lib(httpd_dspam_script_t)

-	list_dirs_pattern(dspam_t, httpd_dspam_content_t, httpd_dspam_content_t)

-	manage_dirs_pattern(dspam_t, httpd_dspam_content_rw_t, httpd_dspam_content_rw_t)

-	manage_files_pattern(dspam_t, httpd_dspam_content_rw_t, httpd_dspam_content_rw_t)

+	files_search_var_lib(dspam_script_t)

-	domain_dontaudit_read_all_domains_state(httpd_dspam_script_t)

+	domain_dontaudit_read_all_domains_state(dspam_script_t)

-	term_dontaudit_search_ptys(httpd_dspam_script_t)

-	term_dontaudit_getattr_all_ttys(httpd_dspam_script_t)

-	term_dontaudit_getattr_all_ptys(httpd_dspam_script_t)

+	term_dontaudit_search_ptys(dspam_script_t)

+	term_dontaudit_getattr_all_ttys(dspam_script_t)

+	term_dontaudit_getattr_all_ptys(dspam_script_t)

-	init_read_utmp(httpd_dspam_script_t)

+	init_read_utmp(dspam_script_t)

-	logging_send_syslog_msg(httpd_dspam_script_t)

+	logging_send_syslog_msg(dspam_script_t)

-	mta_send_mail(httpd_dspam_script_t)

+	mta_send_mail(dspam_script_t)

 	optional_policy(`

-	    mysql_tcp_connect(httpd_dspam_script_t)

-	    mysql_stream_connect(httpd_dspam_script_t)

+	    mysql_tcp_connect(dspam_script_t)

+	    mysql_stream_connect(dspam_script_t)

 	')

 ')

diff --git a/git.fc b/git.fc

index 24700f8..6561d56 100644

--- a/git.fc

+++ b/git.fc

@@ -2,12 +2,12 @@ HOME_DIR/public_git(/.*)?	gen_context(system_u:object_r:git_user_content_t,s0)

 /usr/libexec/git-core/git-daemon	--	gen_context(system_u:object_r:gitd_exec_t,s0)

-/var/cache/cgit(/.*)?	gen_context(system_u:object_r:httpd_git_rw_content_t,s0)

-/var/cache/gitweb-caching(/.*)?	gen_context(system_u:object_r:httpd_git_rw_content_t,s0)

+/var/cache/cgit(/.*)?	gen_context(system_u:object_r:git_rw_content_t,s0)

+/var/cache/gitweb-caching(/.*)?	gen_context(system_u:object_r:git_rw_content_t,s0)

 /var/lib/git(/.*)?	gen_context(system_u:object_r:git_sys_content_t,s0)

-/var/www/cgi-bin/cgit	--	gen_context(system_u:object_r:httpd_git_script_exec_t,s0)

-/var/www/git(/.*)?	gen_context(system_u:object_r:httpd_git_content_t,s0)

-/var/www/git/gitweb\.cgi	--	gen_context(system_u:object_r:httpd_git_script_exec_t,s0)

-/var/www/gitweb-caching/gitweb\.cgi	--	gen_context(system_u:object_r:httpd_git_script_exec_t,s0)

+/var/www/cgi-bin/cgit	--	gen_context(system_u:object_r:git_script_exec_t,s0)

+/var/www/git(/.*)?	gen_context(system_u:object_r:git_content_t,s0)

+/var/www/git/gitweb\.cgi	--	gen_context(system_u:object_r:git_script_exec_t,s0)

+/var/www/gitweb-caching/gitweb\.cgi	--	gen_context(system_u:object_r:git_script_exec_t,s0)

diff --git a/git.te b/git.te

index 2609364..d3caffa 100644

--- a/git.te

+++ b/git.te

@@ -75,6 +75,7 @@ attribute git_daemon;

 attribute_role git_session_roles;

 apache_content_template(git)

+apache_content_alias_template(git, git)

 type git_system_t, git_daemon;

 type gitd_exec_t;

@@ -210,48 +211,48 @@ tunable_policy(`git_system_use_nfs',`

 # CGI policy

 #

-list_dirs_pattern(httpd_git_script_t, { git_sys_content_t git_user_content_t }, { git_sys_content_t git_user_content_t })

-read_files_pattern(httpd_git_script_t, { git_sys_content_t git_user_content_t }, { git_sys_content_t git_user_content_t })

-files_search_var_lib(httpd_git_script_t)

+list_dirs_pattern(git_script_t, { git_sys_content_t git_user_content_t }, { git_sys_content_t git_user_content_t })

+read_files_pattern(git_script_t, { git_sys_content_t git_user_content_t }, { git_sys_content_t git_user_content_t })

+files_search_var_lib(git_script_t)

-files_dontaudit_getattr_tmp_dirs(httpd_git_script_t)

+files_dontaudit_getattr_tmp_dirs(git_script_t)

-auth_use_nsswitch(httpd_git_script_t)

+auth_use_nsswitch(git_script_t)

 tunable_policy(`git_cgi_enable_homedirs',`

-	userdom_search_user_home_dirs(httpd_git_script_t)

+	userdom_search_user_home_dirs(git_script_t)