diff --git a/frr.spec b/frr.spec
index 981ae0b..6875ba4 100644
--- a/frr.spec
+++ b/frr.spec
@@ -7,7 +7,7 @@
 
 Name: frr
 Version: 8.3.1
-Release: 9%{?checkout}%{?dist}
+Release: 10%{?checkout}%{?dist}
 Summary: Routing daemon
 License: GPLv2+
 URL: http://www.frrouting.org
@@ -280,6 +280,9 @@ make check PYTHON=%{__python3}
 %endif
 
 %changelog
+* Thu Aug 10 2023 Michal Ruprich <mruprich@redhat.com> - 8.3.1-10
+- Related: #2216912 - adding sys_admin to capabilities
+
 * Tue Aug 08 2023 Michal Ruprich <mruprich@redhat.com> - 8.3.1-9
 - Resolves: #2215346 - frr policy does not allow the execution of /usr/sbin/ipsec
 
diff --git a/frr.te b/frr.te
index 9e72b3f..d9d1169 100644
--- a/frr.te
+++ b/frr.te
@@ -31,7 +31,7 @@ files_pid_file(frr_var_run_t)
 #
 # frr local policy
 #
-allow frr_t self:capability { chown dac_override dac_read_search kill net_bind_service net_raw setgid setuid net_admin };
+allow frr_t self:capability { chown dac_override dac_read_search kill net_bind_service net_raw setgid setuid net_admin sys_admin };
 allow frr_t self:netlink_route_socket rw_netlink_socket_perms;
 allow frr_t self:packet_socket create_socket_perms;
 allow frr_t self:process { setcap setpgid };