module ironic_policy 1.0;

require {
        type httpd_t;
        type root_t;
        type default_t;
        class file open;
        class file read;
        class file getattr;
}


#============= httpd_t ==============

#!!!! This avc can be allowed using the boolean 'daemons_dump_core'
allow httpd_t root_t:file open;
allow httpd_t default_t:file open;
allow httpd_t root_t:file { read getattr };
allow httpd_t default_t:file open;