From cda58a81193b3f6f656eee9da9d1eb5a61bf6309 Mon Sep 17 00:00:00 2001
From: ETES-Stuttgart <87643186+ETES-Stuttgart@users.noreply.github.com>
Date: Wed, 13 Aug 2025 08:19:01 +0200
Subject: [PATCH] Allow Icinga to send (kill-) signal to nagios plugins in
 SELinux Policy

---
 tools/selinux/icinga2.te | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/tools/selinux/icinga2.te b/tools/selinux/icinga2.te
index 0f50908dac3..060370a5aef 100644
--- a/tools/selinux/icinga2.te
+++ b/tools/selinux/icinga2.te
@@ -102,6 +102,10 @@ allow icinga2_t self:unix_stream_socket create_stream_socket_perms;
 
 allow icinga2_t icinga2_exec_t:file execute_no_trans;
 
+allow icinga2_t nagios_mail_plugin_exec_t:process signal;
+allow icinga2_t nagios_checkdisk_plugin_t:process signal;
+allow icinga2_t nagios_unconfined_plugin_t:process signal;
+
 list_dirs_pattern(icinga2_t, icinga2_etc_t, icinga2_etc_t)
 read_files_pattern(icinga2_t, icinga2_etc_t, icinga2_etc_t)
 read_lnk_files_pattern(icinga2_t, icinga2_etc_t, icinga2_etc_t)