
acme-updater: allow execution of apache binaries (e.g. apachectl)

Helmut Pozimski 7 年之前
父节点
当前提交
52999703a0
共有 1 个文件被更改,包括 3 次插入2 次删除
  1. 3 2
      policy/modules/acme-updater.te

+ 3 - 2
policy/modules/acme-updater.te

@@ -1,4 +1,4 @@
-policy_module(acme-updater, 0.1.10)
+policy_module(acme-updater, 0.1.11)
 
 #################################
 #
@@ -15,8 +15,8 @@ init_system_domain(acmeupdater_t, acmeupdater_exec_t)
 #
 
 allow acmeupdater_t self:capability { dac_read_search dac_override sys_resource };
+allow acmeupdater_t self:process setrlimit;
 
-apache_manage_config(acmeupdater_t)
 corecmd_exec_bin(acmeupdater_t)
 corecmd_exec_shell(acmeupdater_t)
 
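Review bot: The added `allow acmeupdater_t self:process setrlimit;` is not covered by the commit title and carries no comment saying which program needs it. Combined with the `sys_resource` capability on the line above, it lets this domain raise its own hard resource limits, which is more than an updater that only renews certificates would normally need. If the denial was logged while an Apache binary was still running inside acmeupdater_t via `corecmd_exec_bin`, the `apache_domtrans` call added in the last hunk may make this rule unnecessary, so it is worth retesting without it. If it has to stay, document it in place, e.g. `# setrlimit: required by <program>, see AVC denial <reference>`.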
@@ -42,6 +42,7 @@ read_files_pattern(acmeupdater_t, acmetool_var_lib_t, acmetool_var_lib_t)
 read_lnk_files_pattern(acmeupdater_t, acmetool_var_lib_t, acmetool_var_lib_t)
 
 apache_manage_config(acmeupdater_t)
+apache_domtrans(acmeupdater_t)
 
 gen_require(`
 	type httpd_initrc_exec_t;
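Review bot: `apache_domtrans(acmeupdater_t)` only triggers a transition for files labelled `httpd_exec_t`, so whether apachectl actually leaves acmeupdater_t depends on how the distribution labels it. If it is labelled as a generic bin file or as `httpd_initrc_exec_t` (the type the gen_require block below already names), it is handled by other rules and may keep running in this domain. This domain also holds `dac_override` and `apache_manage_config`, so it is worth confirming from the file context and the audit log that the helper ends up in httpd_t. A short comment above the call would record the intent, e.g. `# run httpd_exec_t binaries (apachectl) in httpd_t, not in this domain`. The gen_require block continues outside the hunk.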