diff --git a/frr.if b/frr.if
index d96499d..8dbabba 100644
--- a/frr.if
+++ b/frr.if
@@ -160,3 +160,55 @@ interface(`frr_admin',`
systemd_read_fifo_file_passwd_run($1)
')
')
+
+########################################
+#
+# Interface compatibility blocks
+#
+# The following definitions ensure compatibility with distribution policy
+# versions that do not contain given interfaces (epel, or older Fedora
+# releases).
+# Each block tests for existence of given interface and defines it if needed.
+#
+
+######################################
+##
+## Watch ifconfig_var_run_t directories
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+ifndef(`sysnet_watch_ifconfig_run',`
+ interface(`sysnet_watch_ifconfig_run',`
+ gen_require(`
+ type ifconfig_var_run_t;
+ ')
+
+ watch_dirs_pattern($1, ifconfig_var_run_t, ifconfig_var_run_t)
+ ')
+')
+
+########################################
+##
+## Read ifconfig_var_run_t files and link files
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+ifndef(`sysnet_read_ifconfig_run',`
+ interface(`sysnet_read_ifconfig_run',`
+ gen_require(`
+ type ifconfig_var_run_t;
+ ')
+
+ list_dirs_pattern($1, ifconfig_var_run_t, ifconfig_var_run_t)
+ read_files_pattern($1, ifconfig_var_run_t, ifconfig_var_run_t)
+ read_lnk_files_pattern($1, ifconfig_var_run_t, ifconfig_var_run_t)
+ ')
+')
diff --git a/frr.spec b/frr.spec
index 6215449..fc494da 100644
--- a/frr.spec
+++ b/frr.spec
@@ -7,7 +7,7 @@
Name: frr
Version: 8.3.1
-Release: 7%{?checkout}%{?dist}
+Release: 8%{?checkout}%{?dist}
Summary: Routing daemon
License: GPLv2+
URL: http://www.frrouting.org
@@ -280,6 +280,9 @@ make check PYTHON=%{__python3}
%endif
%changelog
+* Mon Aug 07 2023 Michal Ruprich - 8.3.1-8
+- Resolves: #2216912 - SELinux is preventing FRR-Zebra to access to network namespaces
+
* Wed Jun 07 2023 Michal Ruprich - 8.3.1-7
- Resolves: #2168855 - BFD not working through VRF
diff --git a/frr.te b/frr.te
index 0178c2a..bec86d3 100644
--- a/frr.te
+++ b/frr.te
@@ -33,7 +33,7 @@ files_pid_file(frr_var_run_t)
#
allow frr_t self:capability { chown dac_override dac_read_search kill net_bind_service net_raw setgid setuid net_admin };
allow frr_t self:netlink_route_socket rw_netlink_socket_perms;
-allow frr_t self:packet_socket create;
+allow frr_t self:packet_socket create_socket_perms;
allow frr_t self:process { setcap setpgid };
allow frr_t self:rawip_socket create_socket_perms;
allow frr_t self:tcp_socket { connect connected_stream_socket_perms };
@@ -95,6 +95,8 @@ domain_use_interactive_fds(frr_t)
fs_read_nsfs_files(frr_t)
sysnet_exec_ifconfig(frr_t)
+sysnet_read_ifconfig_run(frr_t)
+sysnet_watch_ifconfig_run(frr_t)
userdom_read_admin_home_files(frr_t)