Related: #2216911 - Adding unconfined_t type to access namespaces

frr.if

@@ -183,3 +183,24 @@ ifndef(`sysnet_read_ifconfig_run',`
     read_lnk_files_pattern($1, ifconfig_var_run_t, ifconfig_var_run_t)
   ')
 ')
+
+########################################
+## <summary>
+##  Read unconfined_t files and dirs
+## </summary>
+## <param name="domain">
+##  <summary>
+##      Domain allowed access.
+##  </summary>
+## </param>
+#
+ifndef(`unconfined_read_files',`
+  interface(`unconfined_read_files',`
+    gen_require(`
+      type unconfined_t;
+    ')
+
+    allow $1 unconfined_t:file read_file_perms;
+    allow $1 unconfined_t:dir list_dir_perms;
+  ')
+')

frr.spec

@@ -7,7 +7,7 @@
 
 Name: frr
 Version: 7.5.1
-Release: 10%{?checkout}%{?dist}
+Release: 11%{?checkout}%{?dist}
 Summary: Routing daemon
 License: GPLv2+
 URL: http://www.frrouting.org
@@ -274,6 +274,9 @@ make check PYTHON=%{__python3}
 %endif
 
 %changelog
+* Mon Aug 21 2023 Michal Ruprich <mruprich@redhat.com> - 7.5.1-11
+- Related: #2216911 - Adding unconfined_t type to access namespaces
+
 * Thu Aug 17 2023 Michal Ruprich <mruprich@redhat.com> - 7.5.1-10
 - Related: #2226803 - Adding patch
 

frr.te

@@ -108,6 +108,10 @@ optional_policy(`
 	logging_send_syslog_msg(frr_t)
 ')
 
+optional_policy(`
+  unconfined_read_files(frr_t)
+')
+
 optional_policy(`
 	modutils_exec_kmod(frr_t)
 	modutils_getattr_module_deps(frr_t)