#
# /var
#
/var/cache/ipa/sessions(/.*)?  gen_context(system_u:object_r:httpd_sys_content_t,s0)

# Make these files writable so the selfsign plugin can operate
/etc/httpd/alias/cert8.db       --      gen_context(system_u:object_r:cert_t,s0)
/etc/httpd/alias/key3.db        --      gen_context(system_u:object_r:cert_t,s0)
/var/lib/ipa/ca_serialno        --      gen_context(system_u:object_r:cert_t,s0)