Foreman » SELinux

Foreman-Openscap using /var/spool/foreman-proxy/openscap/ to store uploaded ARF reports. Uploads from client fail because an AVC:

1360. 08/26/2015 13:48:14 ruby system_u:system_r:foreman_proxy_t:s0 2 dir write system_u:object_r:var_spool_t:s0 denied 242934
1361. 08/26/2015 13:48:14 ruby system_u:system_r:foreman_proxy_t:s0 2 dir add_name system_u:object_r:var_spool_t:s0 denied 242934
1362. 08/26/2015 13:48:14 ruby system_u:system_r:foreman_proxy_t:s0 2 file create system_u:object_r:var_spool_t:s0 denied 242934
1363. 08/26/2015 13:48:14 ruby system_u:system_r:foreman_proxy_t:s0 2 file write open system_u:object_r:var_spool_t:s0 denied 242934
1364. 08/26/2015 13:49:02 ruby system_u:system_r:foreman_proxy_t:s0 83 dir create system_u:object_r:var_spool_t:s0 denied 242942

Current type context:
matchpathcon /var/spool/foreman-proxy/openscap
/var/spool/foreman-proxy/openscap system_u:object_r:var_spool_t:s0

Possible solution:
An addon to the foreman-proxy module with:

require {
        type foreman_proxy_t;
        type var_spool_t;
        class dir { write create add_name };
        class file { write create open };
}

#============= foreman_proxy_t ==============
allow foreman_proxy_t var_spool_t:dir { write create add_name };
allow foreman_proxy_t var_spool_t:file { write create open };

or adding a fcontext to the fcontext database.