Description of problem:
The nagios-selinux package replaces the system nagios SELinux module with one that appears to prohibit most common Nagios operations. "Unconfined" plugins such as check_procs do not work at all without disabling SELinux. I have a small reproducer below that uses NRPE rather than a full Nagios install. Plugins work normally with the default selinux-policy-targeted, but fail if nagios-selinux is installed.

Version-Release number of selected component (if applicable):
nagios-selinux-4.4.6-7.el9~bootstrap.noarch

How reproducible:
Always

Steps to Reproduce:
% dnf install nrpe nagios-plugins-procs nagios-plugins-nrpe
% systemctl start nrpe
% /usr/lib64/nagios/plugins/check_nrpe -H localhost -c check_total_procs
PROCS OK: 113 processes | procs=113;150;200;0;
% dnf install nagios-selinux
% /usr/lib64/nagios/plugins/check_nrpe -H localhost -c check_total_procs
Unable to read output
% grep avc /var/log/audit/audit.log |tail -1
type=AVC msg=audit(1658426463.166:127): avc: denied { execute } for pid=1792 comm="check_procs" name="ps" dev="dm-0" ino=4330077 scontext=system_u:system_r:nagios_unconfined_plugin_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=file permissive=0

Actual results:
nagios_unconfined_plugin_t plugins such as check_procs are denied by SELinux.

Expected results:
Plugins work without SELinux denials.

Additional info:
I see similar AVC denials for virtually every plugin on my full Nagios server, but these all go away and everything works normally (at least for me) if I rpm -e --nodeps nagios-selinux.

My Nagios install worked before with RHEL 8.6, but I notice the nagios RPM didn't require nagios-selinux at that time (and I didn't have it installed).
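A small triage helper for audit records like the AVC line quoted above, added here as an example; it is not code from the report, from Nagios, or from the nagios-selinux package. It parses type=AVC lines out of an audit.log excerpt, pulls out the source and target types, object class and denied permissions, notes whether each denial was actually enforced (permissive=0) or only logged, and merges the denials into the allow rules that audit2allow(1) would print. The embedded sample log contains the reporter's record verbatim plus two constructed records (a permissive-mode entry and a second permission on the same type pair); the function names (parse_avc_records, merged_rules, triage_report, format_rule) are my own.

```python
"""Triage SELinux AVC denials like the one quoted in this bug report.

Added example, not part of the report or of the nagios-selinux package. It
parses type=AVC records from audit.log, extracts source/target types, object
class and denied permissions, and merges them into the allow rules that
audit2allow(1) would emit, so a reviewer can see which policy rule a denial
corresponds to and whether it was enforced before deciding whether the fix
is a relabel, a local module, or a correction to the shipped policy.
"""
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample log: line 1 is the record quoted in the report; the
# SYSCALL line and the two later AVC lines are hypothetical records added
# here to show a non-AVC record, a permissive-mode (logged only) entry, and
# a second permission on the same source/target/class triple.
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1658426463.166:127): avc: denied { execute } for pid=1792 comm="check_procs" name="ps" dev="dm-0" ino=4330077 scontext=system_u:system_r:nagios_unconfined_plugin_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=file permissive=0
type=SYSCALL msg=audit(1658426463.166:127): arch=c000003e syscall=59 success=no exit=-13 comm="check_procs"
type=AVC msg=audit(1658426470.001:130): avc: denied { getattr } for pid=1801 comm="check_procs" path="/proc/1" dev="proc" ino=9999 scontext=system_u:system_r:nagios_unconfined_plugin_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=dir permissive=1
type=AVC msg=audit(1658426475.500:131): avc: denied { read } for pid=1805 comm="check_procs" name="ps" dev="dm-0" ino=4330077 scontext=system_u:system_r:nagios_unconfined_plugin_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=file permissive=0
"""

# Header of an AVC record: timestamp:serial, result, "{ perms }", then key=value fields.
AVC_RE = re.compile(
    r"^type=AVC msg=audit\((?P<ts>[\d.]+):(?P<serial>\d+)\): "
    r"avc:\s+(?P<result>denied|granted)\s+\{\s*(?P<perms>[^}]+?)\s*\}\s+for\s+(?P<rest>.*)$"
)
# key=value pairs; values are either "quoted" or a bare token (contexts contain colons).
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def type_of(context: str) -> str:
    """Return the type field of a user:role:type[:level] security context."""
    return context.split(":")[2]


@dataclass
class AvcRecord:
    timestamp: float
    serial: int
    result: str        # "denied" or "granted"
    perms: frozenset   # permissions named inside { ... }
    fields: dict       # remaining key=value pairs (pid, comm, scontext, ...)

    @property
    def source_type(self) -> str:
        return type_of(self.fields["scontext"])

    @property
    def target_type(self) -> str:
        return type_of(self.fields["tcontext"])

    @property
    def tclass(self) -> str:
        return self.fields["tclass"]

    @property
    def enforced(self) -> bool:
        # permissive=0: the access was really blocked; permissive=1: only logged.
        return self.fields.get("permissive", "0") == "0"


def parse_avc_records(log_text: str) -> list:
    """Parse every type=AVC line in an audit log excerpt; other record types are skipped."""
    records = []
    for line in log_text.splitlines():
        m = AVC_RE.match(line)
        if not m:
            continue
        fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group("rest"))}
        records.append(AvcRecord(
            timestamp=float(m.group("ts")),
            serial=int(m.group("serial")),
            result=m.group("result"),
            perms=frozenset(m.group("perms").split()),
            fields=fields,
        ))
    return records


def format_rule(source: str, target: str, tclass: str, perms) -> str:
    """Render one TE allow rule in the form audit2allow prints."""
    perms = sorted(perms)
    perm_text = perms[0] if len(perms) == 1 else "{ " + " ".join(perms) + " }"
    return f"allow {source} {target}:{tclass} {perm_text};"


def merged_rules(records) -> list:
    """Merge denials per (source, target, class), as audit2allow does, and return the rules."""
    merged = defaultdict(set)
    for r in records:
        if r.result == "denied":
            merged[(r.source_type, r.target_type, r.tclass)] |= r.perms
    return [format_rule(s, t, c, p) for (s, t, c), p in sorted(merged.items())]


def triage_report(log_text: str) -> list:
    """One line per AVC record: which command, which type pair, which perms, and whether enforced."""
    lines = []
    for r in parse_avc_records(log_text):
        mode = "ENFORCED" if r.enforced else "permissive (logged only)"
        lines.append(f"{r.fields.get('comm', '?')} (pid {r.fields.get('pid', '?')}): "
                     f"{r.source_type} -> {r.target_type}:{r.tclass} {sorted(r.perms)} [{mode}]")
    return lines


if __name__ == "__main__":
    for line in triage_report(SAMPLE_AUDIT_LOG):
        print(line)
    print("\nRules audit2allow would propose:")
    for rule in merged_rules(parse_avc_records(SAMPLE_AUDIT_LOG)):
        print("  " + rule)
```

Run against the reporter's record, the merged rule comes out as an execute permission from nagios_unconfined_plugin_t to bin_t:file, which is exactly the kind of access an "unconfined plugin" domain is meant to have; seeing the rule spelled out makes it easier to argue, as the report does, that the shipped module is missing permissions the distribution policy grants rather than that a local exception is needed. Real audit.log lines use two spaces around "denied" and after "for"; the regex tolerates either spacing.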
I was looking into what to upgrade CentOS 7 to in the future for Nagios, and I ran into this testing on 9 also. The host check doesn't even work (check_ping). I tried fixing all the AVC denials for it using setroubleshoot and ausearch/semodule -i, but pinging still didn't work unless I disabled SELinux completely.
I meant setting SELinux to permissive. It didn't require disabling it with the kernel parameter to do that.