diff --git a/roles/copr/backend/files/selinux/compile.sh b/roles/copr/backend/files/selinux/compile.sh
new file mode 100644
index 0000000000..f37b46c00f
--- /dev/null
+++ b/roles/copr/backend/files/selinux/compile.sh
@@ -0,0 +1,4 @@
+#!/bin/sh
+
+checkmodule -M -m -o nrpe_copr.mod nrpe_copr.te
+semodule_package -o nrpe_copr.pp -m nrpe_copr.mod
diff --git a/roles/copr/backend/files/selinux/nrpe_copr.mod b/roles/copr/backend/files/selinux/nrpe_copr.mod
new file mode 100644
index 0000000000..5ebf1b7fa3
Binary files /dev/null and b/roles/copr/backend/files/selinux/nrpe_copr.mod differ
diff --git a/roles/copr/backend/files/selinux/nrpe_copr.pp b/roles/copr/backend/files/selinux/nrpe_copr.pp
new file mode 100644
index 0000000000..ee51973408
Binary files /dev/null and b/roles/copr/backend/files/selinux/nrpe_copr.pp differ
diff --git a/roles/copr/backend/files/selinux/nrpe_copr.te b/roles/copr/backend/files/selinux/nrpe_copr.te
new file mode 100644
index 0000000000..9eccd7a589
--- /dev/null
+++ b/roles/copr/backend/files/selinux/nrpe_copr.te
@@ -0,0 +1,11 @@
+
+module copr_nrpe 1.0;
+
+require {
+ type redis_port_t;
+ type nrpe_t;
+ class tcp_socket name_connect;
+}
+
+#============= nrpe_t ==============
+allow nrpe_t redis_port_t:tcp_socket name_connect;
diff --git a/roles/copr/backend/tasks/main.yml b/roles/copr/backend/tasks/main.yml
index 0715057e5b..64b7acf446 100644
--- a/roles/copr/backend/tasks/main.yml
+++ b/roles/copr/backend/tasks/main.yml
@@ -121,7 +121,7 @@
 tags:
 - config
 
-- name: copy signe.conf
+- name: copy sign.conf
 template: src=sign.conf dest=/etc/sign.conf owner=root group=copr mode=640
 tags:
 - config
@@ -142,9 +142,5 @@
 - cron: name="kill VMs in error state" minute="*/15" job="/root/instant-instance-killer.sh"
 when: not devel
 
-- name: install nrpe checks
- template: src=copr_backend_nrpe.cfg dest=/etc/nrpe.d/copr_backend_nrpe.cfg
- notify:
- - restart nrpe
- tags:
- - nagios_client
+- name: setup monitoring
+ include: "monitoring.yml"
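Review bot: compile.sh has no error handling, so if `checkmodule` fails on an edited `nrpe_copr.te` the `semodule_package` line still runs and can package a stale `nrpe_copr.mod` left in the directory (both build outputs are committed by this change). Adding `set -e` after the shebang and `cd "$(dirname "$0")"` before the first command would stop the build at the first failure and make it independent of the caller's working directory. Because the committed `.mod` and `.pp` are binary and cannot be read in review, a header comment stating that they must be regenerated with this script whenever the `.te` changes would help keep the deployed policy in line with the reviewed source.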
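Review bot: In nrpe_copr.te the module is declared as `copr_nrpe`, while the source file, the build outputs and compile.sh all use `nrpe_copr`; the declaration should read `module nrpe_copr 1.0;` (with the committed `.mod`/`.pp` rebuilt) so that the name listed by `semodule -l` matches the file an administrator would look for. Depending on the policycoreutils version the mismatch may also produce a warning or register the module under a name other than the expected one, which is worth checking on the target host. The rule itself is narrow, granting only `name_connect` to `redis_port_t`, but a comment above the `allow` line naming the NRPE check that needs to reach redis would let a later reviewer judge whether the permission is still required.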
diff --git a/roles/copr/backend/tasks/monitoring.yml b/roles/copr/backend/tasks/monitoring.yml
new file mode 100644
index 0000000000..dd37fc282d
--- /dev/null
+++ b/roles/copr/backend/tasks/monitoring.yml
@@ -0,0 +1,18 @@
+- name: install nrpe checks
+ template: src=copr_backend_nrpe.cfg dest=/etc/nrpe.d/copr_backend_nrpe.cfg
+ notify:
+ - restart nrpe
+ tags:
+ - nagios_client
+
+# Three tasks for handling our custom selinux module
+- name: ensure a directory exists for our custom selinux module
+ file: dest=/usr/local/share/copr state=directory
+
+- name: copy over our custom selinux module
+ copy: src=selinux/nrpe_copr.pp dest=/usr/local/share/copr/fedmsg.pp
+ register: selinux_module
+
+- name: install our custom selinux module
+ command: semodule -i /usr/local/share/copr/fedmsg.pp
+ when: selinux_module|changed
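Review bot: The policy package is copied to `/usr/local/share/copr/fedmsg.pp` although its source is `selinux/nrpe_copr.pp`, which looks carried over from another role; using `dest=/usr/local/share/copr/nrpe_copr.pp` in the copy task and the same path in the `semodule -i` command keeps the installed file traceable to its source. The directory and the file are created without explicit ownership or mode, and since root loads this file into the system policy it is worth pinning them, e.g. `owner=root group=root mode=0755` on the `file` task and `owner=root group=root mode=0644` on the `copy` task. The three SELinux tasks carry no tags, so a run limited to `nagios_client` would install the NRPE check without the policy it presumably needs; giving each of them `tags: - nagios_client` would keep them together. Also, `when: selinux_module|changed` does not retry a failed `semodule -i` on the next run, because the copied file is then unchanged.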