NRPE selinux policy.

roles/nagios_client/files/selinux/fi-nrpe.te

@@ -0,0 +1,11 @@
+module fi-nrpe 1.0;
+
+require {
+    type nagios_system_plugin_t;
+    type nrpe_exec_t;
+    class file getattr;
+}
+
+#============= nagios_system_plugin_t ==============
+allow nagios_system_plugin_t nrpe_exec_t:file getattr;
+

roles/nagios_client/tasks/main.yml

@@ -43,8 +43,20 @@
 # skvidal 2013-05-21
 
 
-# FIXME? figure out nrpe selinux policy of DOOM is needed
+# Three tasks for handling our custom selinux module
+- name: ensure a directory exists for our custom selinux module
+  file: dest=/usr/share/nrpe state=directory
 
+- name: copy over our custom selinux module
+  copy: src=selinux/fi-nrpe.pp dest=/usr/share/nrpe/fi-nrpe.pp
+  register: selinux_module
+
+- name: install our custom selinux module
+  command: semodule -i /usr/share/nrpe/fi-nrpe.pp
+  when: selinux_module|changed
+
+
+# Set up our base config.
 - name: /etc/nagios/nrpe.cfg
   template: src=nrpe.cfg.j2 dest=/etc/nagios/nrpe.cfg
   notify: