Add new selinux module for nagios 4.2

Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>

roles/nagios/server/files/selinux/Makefile

@@ -2,3 +2,6 @@ module:
 	checkmodule -Mmo nagios_hostname.mod nagios_hostname.te
 	semodule_package -o nagios_hostname.pp -m nagios_hostname.mod
 	rm nagios_hostname.mod
+	checkmodule -Mmo nagios_42.mod nagios_42.te
+	semodule_package -o nagios_42.pp -m nagios_42.mod
+	rm nagios_42.mod

roles/nagios/server/files/selinux/nagios_42.te

@@ -0,0 +1,15 @@
+# Custom policy by puiterwijk for Nagios 4.2 in Fedora Infra
+module nagios_42 1.0;
+
+require {
+    type nagios_services_plugin_t;
+    type devlog_t;
+    type kernel_t;
+    class sock_file write;
+    class unix_dgram_socket { sendto connect create };
+};
+
+#============= nagios_services_plugin_t ==============
+allow nagios_services_plugin_t devlog_t:sock_file write;
+allow nagios_services_plugin_t kernel_t:unix_dgram_socket sendto;
+allow nagios_services_plugin_t self:unix_dgram_socket { connect create };

roles/nagios/server/tasks/main.yml

@@ -133,6 +133,18 @@
   tags:
   - nagios/server
 
+- name: Copy over our custom nagios 4.2 selinux module
+  copy: src=selinux/nagios_42.pp dest=/usr/local/share/nagios-policy/nagios_42.pp
+  register: selinux_module
+  tags:
+  - nagios/server
+
+- name: Install our custom nagios 4.2 selinux module
+  command: semodule -i /usr/local/share/nagios-policy/nagios_42.pp
+  when: selinux_module|changed
+  tags:
+  - nagios/server
+
 - name: Start and autostart services
   service: name={{item}} state=started enabled=yes
   with_items: