diff --git a/allow-httpd-to-put-files-in-httpd-config-dir.patch b/allow-httpd-to-put-files-in-httpd-config-dir.patch
new file mode 100644
index 0000000000000000000000000000000000000000..7ccea6c10ead7a388f690417d71c180af0aa0736
--- /dev/null
+++ b/allow-httpd-to-put-files-in-httpd-config-dir.patch
@@ -0,0 +1,29 @@
+From cf6c809927dfc258f44e55116556625b4ecc7b5d Mon Sep 17 00:00:00 2001
+From: luhuaxin
+Date: Fri, 24 Jun 2022 15:03:25 +0800
+Subject: [PATCH] allow httpd to put files in httpd config dir
+
+Signed-off-by: luhuaxin
+---
+ policy/modules/contrib/apache.te | 5 ++---
+ 1 file changed, 2 insertions(+), 3 deletions(-)
+
+diff --git a/policy/modules/contrib/apache.te b/policy/modules/contrib/apache.te
+index 0e4d4bf..b264818 100644
+--- a/policy/modules/contrib/apache.te
++++ b/policy/modules/contrib/apache.te
+@@ -516,9 +516,8 @@ files_var_filetrans(httpd_t, httpd_cache_t, { file dir })
+ allow httpd_t httpd_cache_t:file map;
+ 
+ # Allow the httpd_t to read the web servers config files
+-allow httpd_t httpd_config_t:dir list_dir_perms;
+-read_files_pattern(httpd_t, httpd_config_t, httpd_config_t)
+-read_lnk_files_pattern(httpd_t, httpd_config_t, httpd_config_t)
++# and put files in /etc/httpd
++apache_manage_config(httpd_t)
+ allow httpd_t httpd_config_t:file map;
+ 
+ can_exec(httpd_t, httpd_exec_t)
+-- 
+1.8.3.1
+
diff --git a/selinux-policy.spec b/selinux-policy.spec
index fe85e5ef5a6cfd9d5363b8c46f2068a6cb9a88b8..7c183fddd3496742691bc09cf1496a078d65f397 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -12,7 +12,7 @@ Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 35.5
-Release: 4
+Release: 5
 License: GPLv2+
 URL: https://github.com/fedora-selinux/selinux-policy/
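Review bot: Replacing the three read-only rules with `apache_manage_config(httpd_t)` hands the confined web server create, write, rename and unlink access to everything labelled httpd_config_t under /etc/httpd, so a compromised httpd process could rewrite its own configuration (modules, DocumentRoot, script handlers) and have it loaded at the next restart; the read-only config tree is a central part of httpd's SELinux confinement, and neither the patch description nor the changelog says which file httpd actually needs to write. Keep the removed `allow httpd_t httpd_config_t:dir list_dir_perms;` / `read_files_pattern(...)` / `read_lnk_files_pattern(...)` lines and add write access only for the specific file or subdirectory that needs it, ideally under its own type, or put the manage rule inside a `tunable_policy` block keyed to a boolean declared with `gen_tunable(..., false)` so the widening is opt-in rather than the default. Confirm in apache.if that `apache_manage_config` covers the directory and symlink permissions the removed lines granted; it appears to, but the patch silently relies on that. Refpolicy style also discourages a module calling its own interfaces from its .te file, so if the broad rule is kept the `manage_*_pattern` macros should be used directly here with a comment stating why httpd must write its own configuration.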
@@ -69,6 +69,7 @@ Patch10: add-avc-for-systemd.patch
 Patch9000: add-qemu_exec_t-for-stratovirt.patch
 Patch9001: fix-context-of-usr-bin-rpmdb.patch
 Patch9002: Add-permission-open-to-files_read_inherited_tmp_file.patch
+Patch9003: allow-httpd-to-put-files-in-httpd-config-dir.patch
 BuildArch: noarch
 BuildRequires: python3 gawk checkpolicy >= %{CHECKPOLICYVER} m4 policycoreutils-devel >= %{POLICYCOREUTILSVER} bzip2 gcc
@@ -734,6 +735,9 @@ exit 0
 %endif
 %changelog
+* Sat Jun 25 2022 luhuaxin - 35.5-5
+- allow httpd to create files in /etc/httpd
+
 * Thu Apr 28 2022 luhuaxin - 35.5-4
 - add open permission to files_read_inherited_tmp_file