diff --git a/contrib/selinux/README b/contrib/selinux/README
new file mode 100644
index 00000000..c502266e
--- /dev/null
+++ b/contrib/selinux/README
@@ -0,0 +1,13 @@
+setsebool -P allow_httpd_mod_auth_ntlm_winbind on
+setsebool -P httpd_can_network_connect on
+setsebool -P httpd_ssi_exec on
+
+setsebool -P httpd_use_nfs 1 (in case of nfs)
+
+
+checkmodule -M -m -o piler.mod piler.te
+semodule_package -o piler.pp -m piler.mod
+semodule -i piler.pp
+
+chcon -R --type=httpd_sys_rw_content_t /var/piler/www/tmp
+
diff --git a/contrib/selinux/piler.te b/contrib/selinux/piler.te
new file mode 100644
index 00000000..29cf0278
--- /dev/null
+++ b/contrib/selinux/piler.te
@@ -0,0 +1,38 @@
+module piler 1.2;
+
+require {
+ type devlog_t;
+ type httpd_sys_script_t;
+ type httpd_t;
+ type initrc_t;
+ type initrc_var_run_t;
+ type kernel_t;
+ type public_content_t;
+ type var_t;
+
+ class capability { kill setuid setgid sys_resource };
+ class dir search;
+ class file { read execute open getattr };
+ class netlink_audit_socket create;
+ class process { setrlimit signal };
+ class sock_file write;
+ class unix_dgram_socket sendto;
+
+}
+
+#============= httpd_sys_script_t ==============
+
+allow httpd_sys_script_t var_t:file { getattr open read };
+allow httpd_sys_script_t devlog_t:sock_file write;
+allow httpd_sys_script_t httpd_t:file { getattr read open };
+allow httpd_sys_script_t httpd_t:dir search;
+allow httpd_sys_script_t initrc_t:process signal;
+allow httpd_sys_script_t initrc_var_run_t:file { getattr open read };
+allow httpd_sys_script_t kernel_t:unix_dgram_socket sendto;
+allow httpd_sys_script_t self:capability { kill setuid setgid sys_resource };
+allow httpd_sys_script_t self:netlink_audit_socket create;
+allow httpd_sys_script_t self:process setrlimit;
+
+allow httpd_t var_t:file getattr;
+
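Review bot: The rule `allow httpd_sys_script_t self:capability { kill setuid setgid sys_resource };` near the end of the piler.te hunk, together with `allow httpd_sys_script_t initrc_t:process signal;`, hands the web-script domain privileges that the stock policy deliberately withholds from it, and no line in the module records which piler operation needs them. The rules read like audit2allow output (one allow per AVC denial, grouped under a generated `#=====` banner), so each should carry a comment naming the originating operation, for example `# <piler component>: <action that triggers this denial>` above the capability and signal rules, so a later maintainer can distinguish a required grant from one copied wholesale out of an audit log. The `require` block also declares `type public_content_t;` and the `file` permission `execute`, yet no allow rule in the hunk references either; dropping them, or noting in a comment where they are consumed, keeps the module's declared needs honest. The same documentation gap applies to the `devlog_t:sock_file write` and `kernel_t:unix_dgram_socket sendto` pair, which is presumably syslog access but should say so.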