From ca06a432672afcde3996af9395867213e3964ad3 Mon Sep 17 00:00:00 2001
From: Michal Ruprich <mruprich@redhat.com>
Date: Fri, 1 Sep 2023 13:15:04 +0200
Subject: [PATCH] Adding a couple of SELinux rules, includes fix for
 rhbz#2149299

---
 frr.spec | 5 ++++-
 frr.te   | 3 +++
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/frr.spec b/frr.spec
index b1ac418..66b49e2 100644
--- a/frr.spec
+++ b/frr.spec
@@ -9,7 +9,7 @@
 
 Name:           frr
 Version:        8.5.2
-Release:        3%{?dist}
+Release:        4%{?dist}
 Summary:        Routing daemon
 License:        GPL-2.0-or-later AND ISC AND LGPL-2.0-or-later AND BSD-2-Clause AND BSD-3-Clause AND (GPL-2.0-or-later  OR ISC) AND MIT
 URL:            http://www.frrouting.org
@@ -274,6 +274,9 @@ rm tests/lib/*grpc*
 %endif
 
 %changelog
+* Fri Sep 01 2023 Michal Ruprich <mruprich@redhat.com> - 8.5.2-4
+- Adding a couple of SELinux rules, includes fix for rhbz#2149299
+
 * Wed Aug 30 2023 Benjamin A. Beasley <code@musicinmybrain.net> - 8.5.2-3
 - Rebuilt for abseil-cpp 20230802.0
 
diff --git a/frr.te b/frr.te
index 9cccae9..47c064f 100644
--- a/frr.te
+++ b/frr.te
@@ -70,6 +70,7 @@ can_exec(frr_t, frr_exec_t)
 kernel_read_network_state(frr_t)
 kernel_rw_net_sysctls(frr_t)
 kernel_read_system_state(frr_t)
+kernel_request_load_module(frr_t)
 
 auth_use_nsswitch(frr_t)
 
@@ -100,6 +101,8 @@ sysnet_exec_ifconfig(frr_t)
 sysnet_read_ifconfig_run(frr_t)
 sysnet_watch_ifconfig_run(frr_t)
 
+ipsec_domtrans_mgmt(frr_t)
+
 userdom_read_admin_home_files(frr_t)
 
 optional_policy(`