diff --git a/.gitignore b/.gitignore
index b300b597d..ce91cc8c4 100644
--- a/.gitignore
+++ b/.gitignore
@@ -19,3 +19,6 @@ cmake-build-debug
 /Testing/
 /install/
 /vendor/
+tools/selinux/icinga2.pp
+tools/selinux/icinga2_selinux.8
+tools/selinux/tmp
diff --git a/tools/selinux/icinga2.fc b/tools/selinux/icinga2.fc
index f1cb5a619..325728d31 100644
--- a/tools/selinux/icinga2.fc
+++ b/tools/selinux/icinga2.fc
@@ -7,7 +7,8 @@
 /etc/icinga2/scripts(/.*)? -- gen_context(system_u:object_r:nagios_notification_plugin_exec_t,s0)
 /usr/sbin/icinga2 -- gen_context(system_u:object_r:icinga2_exec_t,s0)
-/usr/lib64/icinga2/sbin/icinga2 -- gen_context(system_u:object_r:icinga2_exec_t,s0)
+/usr/lib/icinga2/sbin/icinga2 -- gen_context(system_u:object_r:icinga2_exec_t,s0)
+/usr/lib/icinga2/safe-reload -- gen_context(system_u:object_r:icinga2_exec_t,s0)
 /var/lib/icinga2(/.*)? gen_context(system_u:object_r:icinga2_var_lib_t,s0)
diff --git a/tools/selinux/icinga2.sh b/tools/selinux/icinga2.sh
index 86d5d1847..7b68451f7 100755
--- a/tools/selinux/icinga2.sh
+++ b/tools/selinux/icinga2.sh
@@ -47,6 +47,7 @@ sepolicy manpage -p . -d icinga2_t
 # Fixing the file context on /usr/sbin/icinga2
 /sbin/restorecon -F -R -v /usr/sbin/icinga2
 /sbin/restorecon -F -R -v /usr/lib64/icinga2/sbin/icinga2
+/sbin/restorecon -F -R -v /usr/lib/icinga2/safe-reload
 # Fixing the file context on /etc/rc\.d/init\.d/icinga2
 #/sbin/restorecon -F -R -v /etc/rc\.d/init\.d/icinga2
 # Fixing the file context on /usr/lib/systemd/system/icinga2.*
diff --git a/tools/selinux/icinga2.te b/tools/selinux/icinga2.te
index 17b1825a9..7b32eaec5 100644
--- a/tools/selinux/icinga2.te
+++ b/tools/selinux/icinga2.te
@@ -1,4 +1,4 @@
-policy_module(icinga2, 0.2.1)
+policy_module(icinga2, 0.2.2)
 ########################################
 #
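Review bot: The file-context entry for /usr/lib64/icinga2/sbin/icinga2 is removed, yet the tools/selinux/icinga2.sh hunk in this same commit still runs `restorecon -F -R -v /usr/lib64/icinga2/sbin/icinga2` and gains no restorecon for the new /usr/lib/icinga2/sbin/icinga2 path; the two files now disagree on which binary paths carry icinga2_exec_t. On an installation that places the daemon under lib64, `restorecon -F` on a path with no matching spec resets it to the parent directory's default label instead of icinga2_exec_t, so init would no longer transition it into icinga2_t. Which libdir the packages use per platform is not visible here; if both layouts can occur, keep `/usr/lib64/icinga2/sbin/icinga2 -- gen_context(system_u:object_r:icinga2_exec_t,s0)` next to the new entry, and in the script add `/sbin/restorecon -F -R -v /usr/lib/icinga2/sbin/icinga2` so the relabel list matches the spec.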
@@ -93,12 +93,14 @@ corenet_port(icinga2_port_t)
 #
 # icinga2 local policy
 #
-allow icinga2_t self:capability { setgid setuid sys_resource };
+allow icinga2_t self:capability { setgid setuid sys_resource kill };
 allow icinga2_t self:process { setsched signal setrlimit };
 allow icinga2_t self:fifo_file rw_fifo_file_perms;
 allow icinga2_t self:unix_dgram_socket create_socket_perms;
 allow icinga2_t self:unix_stream_socket create_stream_socket_perms;
+allow icinga2_t icinga2_exec_t:file execute_no_trans;
+
 list_dirs_pattern(icinga2_t, icinga2_etc_t, icinga2_etc_t)
 read_files_pattern(icinga2_t, icinga2_etc_t, icinga2_etc_t)
 read_lnk_files_pattern(icinga2_t, icinga2_etc_t, icinga2_etc_t)
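Review bot: Neither new permission says which operation needs it, and `kill` is the broadest of the two: `capability kill` lets icinga2_t signal processes owned by other UIDs, which the existing `self:process { setsched signal setrlimit }` on the next line does not cover. If the reason is that the safe-reload script, now labelled icinga2_exec_t in this commit, runs as root and signals a daemon running as a different user, record that above the rule, e.g. `# safe-reload (root) signals the daemon running as the icinga user: needs CAP_KILL`; the script itself is not in this diff, so that is an inference to confirm. For the `execute_no_trans` rule, a one-line comment such as `# icinga2_t executes safe-reload / itself without a domain transition` would state the intent, and the reference-policy interface `can_exec(icinga2_t, icinga2_exec_t)` would grant the accompanying read/map permissions explicitly instead of relying on the entrypoint rule elsewhere in the module to supply them.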