diff --git a/roles/_common/tasks/selinux.yml b/roles/_common/tasks/selinux.yml
index a52707676..42084e809 100644
--- a/roles/_common/tasks/selinux.yml
+++ b/roles/_common/tasks/selinux.yml
@@ -24,6 +24,7 @@
- "{{ ansible_parent_role_names | first | regex_replace(ansible_collection_name ~ '.', '') }}"
- configure
- "{{ ansible_parent_role_names | first | regex_replace(ansible_collection_name ~ '.', '') }}_configure"
+ - selinux
- name: Install selinux python packages [clearlinux]
ansible.builtin.package:
@@ -40,6 +41,7 @@
- "{{ ansible_parent_role_names | first | regex_replace(ansible_collection_name ~ '.', '') }}"
- configure
- "{{ ansible_parent_role_names | first | regex_replace(ansible_collection_name ~ '.', '') }}_configure"
+ - selinux
- name: Allow port in SELinux
community.general.seport:
@@ -56,3 +58,4 @@
- "{{ ansible_parent_role_names | first | regex_replace(ansible_collection_name ~ '.', '') }}"
- configure
- "{{ ansible_parent_role_names | first | regex_replace(ansible_collection_name ~ '.', '') }}_configure"
+ - selinux
diff --git a/roles/ipmi_exporter/defaults/main.yml b/roles/ipmi_exporter/defaults/main.yml
index 30db5c59b..59e342bea 100644
--- a/roles/ipmi_exporter/defaults/main.yml
+++ b/roles/ipmi_exporter/defaults/main.yml
@@ -13,6 +13,15 @@ ipmi_exporter_modules:
- chassis
- sel
+ipmi_exporter_sudo_commands:
+ - /usr/sbin/ipmimonitoring
+ - /usr/sbin/ipmi-sensors
+ - /usr/sbin/ipmi-dcmi
+ - /usr/sbin/ipmi-raw
+ - /usr/sbin/bmc-info
+ - /usr/sbin/ipmi-chassis
+ - /usr/sbin/ipmi-sel
+
ipmi_exporter_web_listen_address: "0.0.0.0:9290"
ipmi_exporter_tls_server_config: {}
diff --git a/roles/ipmi_exporter/tasks/configure.yml b/roles/ipmi_exporter/tasks/configure.yml
index 25cc671ed..46d1a589d 100644
--- a/roles/ipmi_exporter/tasks/configure.yml
+++ b/roles/ipmi_exporter/tasks/configure.yml
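Review bot: `ipmi_exporter_sudo_commands` carries no comment, yet every entry becomes a passwordless sudo rule in `roles/ipmi_exporter/tasks/configure.yml`, so a reader extending the list should be told that adding a path widens what the exporter's user can run as root. Suggest a comment above the key: `# Binaries the exporter user may run as root via sudo without a password; keep this to what the enabled collectors need`. The entries are absolute `/usr/sbin` paths and sudo matches commands by exact path, so on a distribution that installs freeipmi elsewhere the rule would simply not match — presumably fine for the targets this role supports, but worth stating in the role's README next to the variable.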
@@ -30,3 +30,14 @@
- ipmi_exporter
- configure
- ipmi_exporter_configure
+
+- name: Create sudoers file to allow passwordless IPMI commands
+ ansible.builtin.copy:
+ dest: "/etc/sudoers.d/{{ ipmi_exporter_system_user }}"
+ content: |
+ {{ ipmi_exporter_system_user }} ALL=(ALL) NOPASSWD: {{ ipmi_exporter_sudo_commands | join(', ') }}
+ owner: root
+ group: root
+ mode: '0440'
+ become: true
+ when: ipmi_exporter_system_user is defined
diff --git a/roles/ipmi_exporter/templates/ipmi_exporter.service.j2 b/roles/ipmi_exporter/templates/ipmi_exporter.service.j2
index eb88469a0..194fa4a94 100644
--- a/roles/ipmi_exporter/templates/ipmi_exporter.service.j2
+++ b/roles/ipmi_exporter/templates/ipmi_exporter.service.j2
@@ -23,13 +23,10 @@ RestartSec=1
StartLimitInterval=0
ProtectHome=yes
-NoNewPrivileges=yes
{% if (ansible_facts.packages.systemd | first).version is version('232', '>=') %}
ProtectSystem=strict
ProtectControlGroups=true
-ProtectKernelModules=true
-ProtectKernelTunables=yes
PrivateTmp=true
{% else %}
ProtectSystem=full
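Review bot: The sudoers drop-in is written with `ansible.builtin.copy` but never syntax-checked, so a bad render (for example an empty `ipmi_exporter_sudo_commands`, which leaves a dangling `NOPASSWD:`) lands in `/etc/sudoers.d/` and can break sudo for every user on the host; add `validate: /usr/sbin/visudo -csf %s` to the task so the file is only installed when visudo accepts it. The rule also grants `(ALL)` as the target user where the exporter only needs root, so `{{ ipmi_exporter_system_user }} ALL=(root) NOPASSWD: {{ ipmi_exporter_sudo_commands | join(', ') }}` is the tighter form. sudo ignores drop-in files whose name contains a `.` or ends in `~`, so if `ipmi_exporter_system_user` can ever contain a dot the file would be silently skipped — a filter such as `| replace('.', '_')` on `dest`, or a note in the role docs, would cover that. Since the companion template change drops `NoNewPrivileges=` so that sudo can work at all, this one line is now the boundary around what the exporter can run as root, which is why the validation and the narrower target user matter.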