Resolves: #2216911 - SELinux is preventing FRR-Zebra to access to network namespaces

frr.if

@@ -160,3 +160,26 @@ interface(`frr_admin',`
 		systemd_read_fifo_file_passwd_run($1)
 	')
 ')
+
+########################################
+## <summary>
+##  Read ifconfig_var_run_t files and link files
+## </summary>
+## <param name="domain">
+##  <summary>
+##      Domain allowed access.
+##  </summary>
+## </param>
+#
+ifndef(`sysnet_read_ifconfig_run',`
+  interface(`sysnet_read_ifconfig_run',`
+    gen_require(`
+      type ifconfig_var_run_t;
+    ')
+
+    manage_files_pattern($1, ifconfig_var_run_t, ifconfig_var_run_t)
+    list_dirs_pattern($1, ifconfig_var_run_t, ifconfig_var_run_t)
+    read_files_pattern($1, ifconfig_var_run_t, ifconfig_var_run_t)
+    read_lnk_files_pattern($1, ifconfig_var_run_t, ifconfig_var_run_t)
+  ')
+')

frr.spec

@@ -7,7 +7,7 @@
 
 Name: frr
 Version: 7.5.1
-Release: 7%{?checkout}%{?dist}
+Release: 8%{?checkout}%{?dist}
 Summary: Routing daemon
 License: GPLv2+
 URL: http://www.frrouting.org
@@ -273,6 +273,9 @@ make check PYTHON=%{__python3}
 %endif
 
 %changelog
+* Fri Aug 11 2023 Michal Ruprich <mruprich@redhat.com> - 7.5.1-8
+- Resolves: #2216911 - SELinux is preventing FRR-Zebra to access to network namespaces
+
 * Wed Nov 30 2022 Michal Ruprich <mruprich@redhat.com> - 7.5.1-7
 - Resolves: #2128737 - out-of-bounds read in the BGP daemon may lead to information disclosure or denial of service
 

frr.te

@@ -96,6 +96,7 @@ fs_read_nsfs_files(frr_t)
 fs_search_cgroup_dirs(frr_t)
 
 sysnet_exec_ifconfig(frr_t)
+sysnet_read_ifconfig_run(frr_t)
 
 userdom_read_admin_home_files(frr_t)