ara-collection/roles/ara_api/files/ara-gunicorn.te
David Moreau Simard cb0f84fa75 ara_api role: Update selinux for gunicorn from home directory
We can iterate on these but this seems to be the minimum required
when running selinux as enforcing.

Change-Id: Ibfc5b9dee5d6e18ef2460fa4f0060092800ae473
2019-06-26 16:34:03 -04:00


# SELinux policy module shipped by the ara_api role. It grants the init_t
# domain access to files and symlinks labelled user_home_t, which is what
# lets gunicorn be started from a home directory on an enforcing host.
# NOTE(review): the rules are keyed on types, not on a path or a unit, so they
# apply to every process that runs in init_t and to every object labelled
# user_home_t, not only to the gunicorn install -- confirm that this scope is
# acceptable on the target hosts.
module ara-gunicorn 1.0;
# Types, classes and permissions used by the rules below; they must already
# exist in the loaded policy for the module to install.
require {
type init_t;
type user_home_t;
class file { create execute execute_no_trans ioctl lock map open read write };
class lnk_file { getattr read };
}
#============= init_t ==============
#!!!! This avc can be allowed using the boolean 'domain_can_mmap_files'
# The mmap permission is granted here as an explicit rule for the
# init_t/user_home_t pair. NOTE(review): the boolean named above is
# presumably wider in scope than this single rule -- verify before
# replacing the rule with it.
allow init_t user_home_t:file map;
# execute_no_trans: the file is executed without a domain transition, so the
# resulting process stays in init_t.
# NOTE(review): create/write and execute are granted on the same file type,
# so anything init_t can write under this rule it can also execute. Giving
# the gunicorn install its own file label instead of user_home_t would allow
# write and execute to be separated -- not done here, to be confirmed as a
# follow-up.
allow init_t user_home_t:file { create execute execute_no_trans ioctl lock open read write };
# Lets init_t stat and follow symlinks labelled user_home_t.
# NOTE(review): presumably needed for symlinks inside the install directory
# (e.g. a virtualenv's interpreter links) -- confirm.
allow init_t user_home_t:lnk_file { getattr read };