check_yum selinux policy

nrpeyum.te

module nrpeyum 1.0;

require {
	type nagios_system_plugin_t;
	type net_conf_t;
	type tmp_t;
	type devlog_t;
	type boot_t;
	type syslogd_t;
	type http_port_t;
	type rpm_exec_t;
	type rpm_var_lib_t;
        type rpm_var_cache_t;
	class process setsched;
	class tcp_socket { getopt create name_connect connect };
	class file { read lock ioctl execute_no_trans write getattr open };
	class sock_file { write getattr };
	class netlink_route_socket { bind create getattr nlmsg_read };
	class unix_dgram_socket { create connect sendto };
	class udp_socket { create connect getattr };
	class dir read;
}

#============= nagios_system_plugin_t ==============
allow nagios_system_plugin_t boot_t:dir read;
allow nagios_system_plugin_t devlog_t:sock_file { write getattr };
allow nagios_system_plugin_t http_port_t:tcp_socket name_connect;
allow nagios_system_plugin_t net_conf_t:file { read getattr open };
allow nagios_system_plugin_t rpm_exec_t:file { read getattr open ioctl execute_no_trans };
allow nagios_system_plugin_t rpm_var_lib_t:file open;
allow nagios_system_plugin_t rpm_var_cache_t:file open;
allow nagios_system_plugin_t self:netlink_route_socket { bind create getattr nlmsg_read };
allow nagios_system_plugin_t self:process setsched;
allow nagios_system_plugin_t self:tcp_socket { getopt create connect };
allow nagios_system_plugin_t self:udp_socket { create connect getattr };
allow nagios_system_plugin_t self:unix_dgram_socket { create connect };
allow nagios_system_plugin_t syslogd_t:unix_dgram_socket sendto;
#!!!! The source type 'nagios_system_plugin_t' can write to a 'file' of the following types:
# nagios_eventhandler_plugin_tmp_t, nagios_system_plugin_tmp_t

allow nagios_system_plugin_t tmp_t:file { read lock getattr write open };