icingaweb2-selinux misses httpd-can-connect-icinga2-api seboolean

[mocdaniel]

Describe the bug

On Oracle Linux 8.9, the package icingaweb2-selinux in Version 2.12.1-1 doesn't contain the seboolean httpd_can_connect_icinga2_api which is needed for e.g. director deployments.

Instead, the boolean seems to be shipped with the icinga2-selinux package.

Is this a mistake? It's very well possible that the system that hosts Icinga Web doesn't have Icinga installed, so there wouldn't be icinga2-selinux installed, either.

We also spotted a few other sebooleans seemingly missing from the icingaweb2-selinux package, e.g. httpd_can_write_icinga2_command.

To Reproduce

1. Install icingaweb2 and icingaweb2-selinux on an Oracle Linux system
2. See the policies being missing: getsebool -a | grep icinga
3. Install icinga2-selinux (it will also install other, unneeded dependencies)
4. See the policies have been added: getsebool -a | grep icinga

Expected behavior

All sebooleans needed for Icinga Web/httpd to communicate with Icinga should be shipped with the icingaweb2-selinux package

Your Environment

Include as many relevant details about the environment you experienced the problem in

• Icinga Web 2 version and modules (System - About):
  • Icinga Web: 2.12.1
  • Director: 1.11.0
• Web browser used: Chrome
• Icinga 2 version used (icinga2 --version): 2.14.0
• PHP version used (php --version): 7.2.24
• Server operating system and version: Oracle Linux 8.9