php-fpm: adapt for php 7.0

policy/modules/php-fpm.fc

@@ -13,7 +13,7 @@
 /usr/lib/php(/.*)?	--	gen_context(system_u:object_r:php_usr_lib_t,s0)
  
 /var/run/php5-fpm\.pid	--	gen_context(system_u:object_r:phpfpm_var_run_t,s0)
-/run/php(/.*)?		--	gen_context(system_u:object_r:phpfpm_var_run_t,s0)
+/var/run/php/php7.0-fpm\.pid		--	gen_context(system_u:object_r:phpfpm_var_run_t,s0)
 
 /var/log/php5-fpm\.log	--	gen_context(system_u:object_r:phpfpm_var_log_t,s0)
 /var/log/php7.0-fpm\.log	--	gen_context(system_u:object_r:phpfpm_var_log_t,s0)

policy/modules/php-fpm.te

@@ -1,4 +1,4 @@
-policy_module(php-fpm, 0.2.11)
+policy_module(php-fpm, 0.2.12)
 
 ########################################
 #
@@ -46,7 +46,7 @@ allow phpfpm_t self:capability { setuid setgid };
 allow phpfpm_t self:fifo_file { write read };
 allow phpfpm_t self:tcp_socket { setopt getopt bind create accept listen };
 allow phpfpm_t self:capability kill;
-allow phpfpm_t self:process signal;
+allow phpfpm_t self:process { signal execmem };
 allow phpfpm_t self:fifo_file getattr;
 
 read_files_pattern(phpfpm_t, phpfpm_etc_t, phpfpm_etc_t)
@@ -82,10 +82,14 @@ corenet_tcp_bind_cslistener_port(phpfpm_t)
 corenet_tcp_bind_generic_node(phpfpm_t)
 corenet_tcp_connect_tor_port(phpfpm_t)
 corenet_tcp_bind_all_unreserved_ports(phpfpm_t)
+
 kernel_read_kernel_sysctls(phpfpm_t)
+kernel_read_crypto_sysctls(phpfpm_t)
+
 fs_getattr_xattr_fs(phpfpm_t)
-corenet_tcp_connect_http_port(phpfpm_t)
+fs_rw_hugetlbfs_files(phpfpm_t)
 
+corenet_tcp_connect_http_port(phpfpm_t)
 corenet_sendrecv_smtp_client_packets(phpfpm_t)
 corenet_tcp_connect_smtp_port(phpfpm_t)
 corenet_tcp_sendrecv_smtp_port(phpfpm_t)