policy_module(phpfpm_additional, 0.0.1)

require {
  type phpfpm_t;
}

allow phpfpm_t self:process sigkill;

miscfiles_read_all_certs(phpfpm_t)
corenet_tcp_connect_http_port(phpfpm_t)
apache_manage_sys_content(phpfpm_t)
fs_mmap_rw_hugetlbfs_files(phpfpm_t)