--- a/phpfpm.fc
+++ b/phpfpm.fc
@@ -2,4 +2,5 @@
 /var/log/php-fpm.log gen_context(system_u:object_r:phpfpm_log_t,s0)
 /var/run/php-fpm.pid gen_context(system_u:object_r:phpfpm_var_run_t,s0)
+/var/run/php*-fpm/*.sock gen_context(system_u:object_r:phpfpm_var_run_t,s0)
--- a/phpfpm.if
+++ b/phpfpm.if
@@ -0,0 +1,18 @@
+
+########################################
+##
+## Connect to phpfpm using a unix domain stream socket.
+##
+##
+##
+## Domain allowed access.
+##
+##
+##
+#
+interface(`phpfpm_stream_connect',`
+ gen_require(`
+ type phpfpm_t, phpfpm_var_run_t;
+ ')
+ stream_connect_pattern($1, phpfpm_var_run_t, phpfpm_var_run_t, phpfpm_t)
+')
--- a/phpfpm.te
+++ b/phpfpm.te
@@ -29,6 +32,7 @@
 allow phpfpm_t self:tcp_socket rw_stream_socket_perms;
 allow phpfpm_t self:udp_socket connected_socket_perms;
 allow phpfpm_t self:unix_stream_socket accept;
+allow phpfpm_t self:unix_stream_socket create_stream_socket_perms;
 manage_files_pattern(phpfpm_t, phpfpm_log_t, phpfpm_log_t)
 logging_log_filetrans(phpfpm_t, phpfpm_log_t, file)
@@ -38,7 +42,8 @@
 files_tmp_filetrans(phpfpm_t, phpfpm_tmp_t, {file dir})
 manage_files_pattern(phpfpm_t, phpfpm_var_run_t, phpfpm_var_run_t)
-files_pid_filetrans(phpfpm_t, phpfpm_var_run_t, file)
+files_pid_filetrans(phpfpm_t, phpfpm_var_run_t, { file sock_file })
+manage_sock_files_pattern(phpfpm_t, phpfpm_var_run_t, phpfpm_var_run_t)
 kernel_read_kernel_sysctls(phpfpm_t)
@@ -78,6 +83,7 @@
 optional_policy(`
 postgresql_tcp_connect(phpfpm_t)
+ postgresql_stream_connect(phpfpm_t)
 ')
 optional_policy(`
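Review bot: The new `.fc` entry in phpfpm.fc is written as a shell glob, but file-context paths are regular expressions, so `/var/run/php*-fpm/*.sock` reads as `ph`, zero or more `p`, `-fpm`, zero or more `/`, then exactly one arbitrary character before `sock`; a socket such as `/var/run/php-fpm/www.sock` or `/var/run/php-fpm/php-fpm.sock` would not match and would keep the generic var_run_t label, and the interface added in phpfpm.if would then be denied on it. A pattern that labels the directory and everything under it is `/var/run/php[^/]*-fpm(/.*)?	gen_context(system_u:object_r:phpfpm_var_run_t,s0)`; if only the sockets should carry the type, use `/var/run/php[^/]*-fpm/[^/]*\.sock	-s	gen_context(system_u:object_r:phpfpm_var_run_t,s0)`. The two context lines above it (the `.log` and `.pid` entries) have the same unescaped `.`, which is harmless but worth knowing when reading the file as regexes.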
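Review bot: `phpfpm_stream_connect` in phpfpm.if grants `stream_connect_pattern` on phpfpm_var_run_t but gives the calling domain nothing for /var/run itself, so a caller that does not already hold search on var_run_t is denied on path traversal before it ever reaches the socket; the usual refpolicy shape is to add `files_search_pids($1)` on the line before `stream_connect_pattern(...)`. The `##` header lines appear to have lost their `<summary>` and `<param name="domain">` XML tags in this rendering — if the committed file really lacks them, the policy documentation tooling will not index the interface, so it is worth confirming the tags are present. The hunk header `@@ -0,0 +1,18 @@` shows this is a new file, so nothing outside the hunk is being relied on.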
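Review bot: In the first phpfpm.te hunk the added `allow phpfpm_t self:unix_stream_socket create_stream_socket_perms;` makes the preceding `allow phpfpm_t self:unix_stream_socket accept;` redundant, since in refpolicy's permission sets `create_stream_socket_perms` already expands to the create/socket perms plus `listen` and `accept`. Either drop the old `accept` line in the same change or fold both into the single new rule, so the file does not carry two overlapping rules for the same class.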
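Review bot: The second phpfpm.te hunk widens `files_pid_filetrans` to `{ file sock_file }` but not `dir`, while the socket path added in phpfpm.fc lives in a subdirectory (`/var/run/php*-fpm/`) rather than directly in /var/run; a filetrans on var_run_t directories only fires for objects created straight under /var/run. If php-fpm itself creates that subdirectory (rather than tmpfiles or the package), the directory stays var_run_t and no rule in this diff lets phpfpm_t create it — who creates the directory is not visible here, so this is inferred. In that case extend the rule to `files_pid_filetrans(phpfpm_t, phpfpm_var_run_t, { dir file sock_file })` and add `manage_dirs_pattern(phpfpm_t, phpfpm_var_run_t, phpfpm_var_run_t)` next to the new `manage_sock_files_pattern` line.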