Fix #69

README.md

@@ -192,7 +192,9 @@ You have two options, how to get additional Docker permissions:
 usermod -aG docker zabbix
 ```
 
-- Or edit zabbix_agentd.conf and set AllowRoot (Zabbix agent with root
+Or
+
+- Edit zabbix_agentd.conf and set AllowRoot (Zabbix agent with root
 permissions):
 
 ```
@@ -206,7 +208,7 @@ SELinux
 -------
 If you are on a system that have `SELinux` in enforcing-mode (check with `getenforce`), you can make it work with this SELinux module. This module will persist reboots.
 
-*zabbix-docker.te*
+*[zabbix-docker.te](https://raw.githubusercontent.com/monitoringartist/zabbix-docker-monitoring/master/selinux/zabbix-docker.te)*
 ```
 module zabbix-docker 1.1;
 

selinux/zabbix-docker.te

@@ -0,0 +1,26 @@
+module zabbix-docker 1.1;
+
+require {
+        type docker_var_run_t;
+        type unreserved_port_t;
+        type zabbix_agent_t;
+        type docker_t;
+        type cgroup_t;
+        type modules_object_t;
+        class sock_file write;
+        class unix_stream_socket connectto;
+        class capability dac_override;
+        class tcp_socket name_connect;
+        class file { ioctl read getattr lock open execute };
+        class dir { ioctl read getattr lock add_name reparent search open };
+}
+
+#============= zabbix_agent_t ==============
+
+allow zabbix_agent_t docker_t:unix_stream_socket connectto;
+allow zabbix_agent_t docker_var_run_t:sock_file write;
+allow zabbix_agent_t self:capability dac_override;
+allow zabbix_agent_t unreserved_port_t:tcp_socket name_connect;
+allow zabbix_agent_t cgroup_t:file { ioctl read getattr lock open };
+allow zabbix_agent_t cgroup_t:dir { ioctl read getattr lock search open };
+allow zabbix_agent_t modules_object_t:file { read open execute };