@sixg0000d
Last active March 28, 2024 15:06
v2ray confdir with domain socket under SELinux
# Local SELinux policy module "nginx" (audit2allow output; see the build script
# further down this page). Its purpose is to let the nginx process domain
# (httpd_t) reach v2ray over a Unix domain socket under /run.
#
# The "#!!!! This avc is allowed in the current policy" markers are emitted by
# audit2allow when the base policy already grants a rule, so those rules are
# redundant with what is loaded; the only genuinely new grant in this module is
# the final `var_t:file open` rule.
module nginx 1.0;
require {
type unconfined_service_t;
type var_t;
type var_run_t;
type http_port_t;
type httpd_t;
class process setrlimit;
class tcp_socket name_connect;
class sock_file write;
class unix_stream_socket connectto;
class file { getattr open read };
}
#============= httpd_t ==============
#!!!! This avc is allowed in the current policy
allow httpd_t http_port_t:tcp_socket name_connect;
#!!!! This avc is allowed in the current policy
allow httpd_t self:process setrlimit;
# The domain-socket link itself: the target is unconfined_service_t, i.e. the
# v2ray service is running unconfined rather than in a domain of its own.
#!!!! This avc is allowed in the current policy
allow httpd_t unconfined_service_t:unix_stream_socket connectto;
# Writing to the socket file under /run (labelled var_run_t; the systemd
# RuntimeDirectory= setting below creates the directory there).
#!!!! This avc is allowed in the current policy
allow httpd_t var_run_t:sock_file write;
# NOTE(review): var_t is the generic type for files under /var, so this grants
# httpd_t read access to every var_t-labelled file, not only the v2ray confdir
# named in the gist title. Labelling that directory with a dedicated type (or
# one httpd_t may already read) would keep the grant narrower — verify what the
# denied path actually was before relying on this rule.
#!!!! This avc is allowed in the current policy
allow httpd_t var_t:file { getattr read };
allow httpd_t var_t:file open;
# systemd unit drop-in — presumably for the v2ray service (the unit it belongs
# to is not shown here; confirm against the drop-in path).
[Service]
# Run the service as the nginx account. NOTE(review): the intent appears to be
# that the socket it creates is owned by the same user nginx connects as —
# confirm the socket path, owner and mode in the v2ray configuration.
User=nginx
# A fixed account is set above, so do not let systemd allocate a transient UID.
DynamicUser=false
# systemd creates /run/v2ray (normally labelled var_run_t, matching the
# sock_file rule in the policy module above) for the domain socket.
RuntimeDirectory=v2ray
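#!/bin/bash
# Build and install a local SELinux policy module named "nginx" from the AVC
# denials currently recorded for nginx in the audit log.
#
# Every denial that mentions "nginx" is turned into an allow rule and loaded
# into the running policy, so the generated .te is printed before it is
# installed: review that output rather than trusting the filter. `grep nginx`
# matches any audit line containing the word; a narrower filter such as
# `ausearch -m avc -c nginx` limits the input to AVC records for the nginx
# command.
#
# Requires root (reads audit.log, runs semodule) and the audit2allow /
# checkmodule / semodule_package tooling.
set -euo pipefail

# Build in a private temporary directory so an interrupted run cannot leave a
# stale nginx.pp behind for a later run to install; the EXIT trap replaces the
# trailing rm -rf of the original and also runs on failure.
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT

# grep exits non-zero when nothing matches; with pipefail that aborts here
# instead of handing an empty policy to checkmodule.
grep nginx /var/log/audit/audit.log | audit2allow -m nginx > "$work/nginx.te"

# Show exactly what is about to be granted.
cat "$work/nginx.te"

checkmodule -M -m -o "$work/nginx.mod" "$work/nginx.te"
semodule_package -o "$work/nginx.pp" -m "$work/nginx.mod"
semodule -i "$work/nginx.pp"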