diff --git a/roles/nagios_client/files/selinux/fi-nrpe.mod b/roles/nagios_client/files/selinux/fi-nrpe.mod
new file mode 100644
index 0000000000..f0552460cd
Binary files /dev/null and b/roles/nagios_client/files/selinux/fi-nrpe.mod differ
diff --git a/roles/nagios_client/files/selinux/fi-nrpe.pp b/roles/nagios_client/files/selinux/fi-nrpe.pp
new file mode 100644
index 0000000000..1243b0e73e
Binary files /dev/null and b/roles/nagios_client/files/selinux/fi-nrpe.pp differ
diff --git a/roles/nagios_client/files/selinux/fi-nrpe.te b/roles/nagios_client/files/selinux/fi-nrpe.te
new file mode 100644
index 0000000000..91bcdcc972
--- /dev/null
+++ b/roles/nagios_client/files/selinux/fi-nrpe.te
@@ -0,0 +1,11 @@
+module fi-nrpe 1.0;
+
+require {
+ type nagios_system_plugin_t;
+ type nrpe_exec_t;
+ class file getattr;
+}
+
+#============= nagios_system_plugin_t ==============
+allow nagios_system_plugin_t nrpe_exec_t:file getattr;
+
diff --git a/roles/nagios_client/tasks/main.yml b/roles/nagios_client/tasks/main.yml
index 0f47da9ada..afef03ad33 100644
--- a/roles/nagios_client/tasks/main.yml
+++ b/roles/nagios_client/tasks/main.yml
@@ -43,8 +43,20 @@
 # skvidal 2013-05-21
-# FIXME? figure out nrpe selinux policy of DOOM is needed
+# Three tasks for handling our custom selinux module
+- name: ensure a directory exists for our custom selinux module
+ file: dest=/usr/share/nrpe state=directory
+- name: copy over our custom selinux module
+ copy: src=selinux/fi-nrpe.pp dest=/usr/share/nrpe/fi-nrpe.pp
+ register: selinux_module
+
+- name: install our custom selinux module
+ command: semodule -i /usr/share/nrpe/fi-nrpe.pp
+ when: selinux_module|changed
+
+
+# Set up our base config.
 - name: /etc/nagios/nrpe.cfg
 template: src=nrpe.cfg.j2 dest=/etc/nagios/nrpe.cfg
 notify:
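Review bot: The compiled `fi-nrpe.pp` and the intermediate `fi-nrpe.mod` are committed as binaries next to `fi-nrpe.te`, and nothing visible in the commit ties them to this source, so a reviewer cannot confirm that the policy loaded on hosts is only this single `getattr` rule. Consider keeping just the `.te` in the repository and building the package from it (`checkmodule -M -m -o fi-nrpe.mod fi-nrpe.te`, then `semodule_package -o fi-nrpe.pp -m fi-nrpe.mod`), or at least recording how the `.pp` was produced. A comment above the `allow` line naming the check and the denial that motivated it, e.g. `# <plugin name> stats the nrpe binary; see AVC denial <reference>`, would let the rule be dropped once it is no longer needed.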
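Review bot: The install task in roles/nagios_client/tasks/main.yml runs `semodule -i` only when the copy task reports a change, so if that one run fails or the module is later removed from the policy store, later plays see the file as unchanged and never load it again, leaving the host without the rule and with no signal. Adding a read-only check of `semodule -l` for `fi-nrpe` as a second condition would make the task converge. The `file` and `copy` tasks also leave ownership and mode to defaults; because whatever sits at /usr/share/nrpe/fi-nrpe.pp is loaded into the system policy as root, pin them, e.g. `file: dest=/usr/share/nrpe state=directory owner=root group=root mode=0755` and `owner=root group=root mode=0644` on the copy.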