Foreman » SELinux

It looks like due to bug in RHEL 7.1 base policy, there is an issue with this macro. But looking on our codebase I think this template is now only used for helper scripts:

TE:
apache_content_template(foreman)
manage_dirs_pattern(httpd_foreman_script_t, foreman_lib_t , foreman_lib_t)
manage_dirs_pattern(httpd_foreman_script_t, foreman_lib_t , foreman_lib_t)
manage_files_pattern(httpd_foreman_script_t, foreman_log_t , foreman_log_t)
manage_files_pattern(httpd_foreman_script_t, foreman_var_run_t , foreman_var_run_t)
files_read_etc_files(httpd_foreman_script_t)
logging_send_syslog_msg(httpd_foreman_script_t)
miscfiles_read_localization(httpd_foreman_script_t)

FC:
/usr/share/foreman/script(/.*)?         gen_context(system_u:object_r:httpd_foreman_script_exec_t,s0)

# ls /usr/share/foreman/script -Z
-rwxr-xr-x. root root system_u:object_r:httpd_foreman_script_exec_t:s0 foreman-config
-rwxr-xr-x. root root system_u:object_r:httpd_foreman_script_exec_t:s0 foreman-debug
drwxr-xr-x. root root system_u:object_r:httpd_foreman_script_exec_t:s0 foreman-debug.d
-rwxr-xr-x. root root system_u:object_r:httpd_foreman_script_exec_t:s0 foreman-rake
-rwxr-xr-x. root root system_u:object_r:httpd_foreman_script_exec_t:s0 foreman-tail
drwxr-xr-x. root root system_u:object_r:httpd_foreman_script_exec_t:s0 foreman-tail.d
drwxr-xr-x. root root system_u:object_r:httpd_foreman_script_exec_t:s0 performance
-rwxr-xr-x. root root system_u:object_r:httpd_foreman_script_exec_t:s0 rails
-rwxr-xr-x. root root system_u:object_r:httpd_foreman_script_exec_t:s0 routes
-rwxr-xr-x. root root system_u:object_r:httpd_foreman_script_exec_t:s0 show-missing-rails-locales.sh
-rwxr-xr-x. root root system_u:object_r:httpd_foreman_script_exec_t:s0 update-rails-locales.sh

I think we can get rid of this and use either passenger_t for our helper scripts or define an alias.

Opinion Dominic?