diff --git a/README.md b/README.md
index e0c39f7..74083b2 100644
--- a/README.md
+++ b/README.md
@@ -1,2 +1,12 @@
 # globus-selinux-policy
+## install globus-server selinux policy
+
+```
+curl -o globus.te https://gitea.alecksey.com/alecksey/globus-selinux-policy/raw/branch/master/globus.te
+checkmodule -M -m -o globus.mod globus.te
+sudo semodule_package -o globus.pp -m globus.mod
+sudo semodule -i globus.pp
+rm -f globus.*
+setsebool -P domain_can_mmap_files 1
+```
\ No newline at end of file
diff --git a/globus.te b/globus.te
new file mode 100644
index 0000000..1c3a2c5
--- /dev/null
+++ b/globus.te
@@ -0,0 +1,36 @@
+
+module globus 1.0;
+
+require {
+ type mysqld_port_t;
+ type user_home_t;
+ type tmp_t;
+ type init_t;
+ type httpd_t;
+ type httpd_config_t;
+ type smtp_port_t;
+ type http_port_t;
+ type public_content_rw_t;
+ type unreserved_port_t;
+ class tcp_socket name_connect;
+ class dir { add_name create rename reparent rmdir };
+ class file { append create execute execute_no_trans lock open read setattr unlink write };
+}
+
+#============= httpd_t =============
+allow httpd_t http_port_t:tcp_socket name_connect;
+allow httpd_t httpd_config_t:dir add_name;
+allow httpd_t httpd_config_t:file {append create};
+
+allow httpd_t smtp_port_t:tcp_socket name_connect;
+
+allow httpd_t unreserved_port_t:tcp_socket name_connect;
+
+#============= init_t ==============
+
+allow init_t mysqld_port_t:tcp_socket name_connect;
+allow init_t tmp_t:file unlink;
+allow init_t user_home_t:dir { create rename reparent rmdir };
+allow init_t user_home_t:file { append create execute execute_no_trans lock open read setattr unlink write };
+allow init_t public_content_rw_t:file execute;
+allow init_t public_content_rw_t:file { append create execute execute_no_trans lock open read setattr unlink write };
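Review bot: `allow httpd_t httpd_config_t:dir add_name;` together with `allow httpd_t httpd_config_t:file {append create};` lets the web server domain create and append to its own configuration files, which removes the main protection the stock httpd policy gives against a compromised web process; if the application genuinely has to write a config fragment, a dedicated type for that directory would keep httpd_config_t read-only. The init_t rules at the end of the file grant `execute execute_no_trans` on user_home_t and public_content_rw_t, both writable content locations, so any file placed there can run in the init domain without a domain transition — these should be narrowed to the service's own domain (or a transition rule) rather than init_t, and `allow init_t public_content_rw_t:file execute;` is redundant with the broader rule directly below it. The three httpd_t name_connect rules (http_port_t, smtp_port_t, unreserved_port_t) largely duplicate what the existing `httpd_can_network_connect` and `httpd_can_sendmail` booleans already provide, and a short comment on each allow rule naming the application action that produced the denial would make this module reviewable later.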