diff --git a/frr.spec b/frr.spec
index 99b22dd..49fa534 100644
--- a/frr.spec
+++ b/frr.spec
@@ -7,7 +7,7 @@
 
 Name:           frr
 Version:        8.3.1
-Release:        3%{?dist}
+Release:        4%{?dist}
 Summary:        Routing daemon
 License:        GPLv2+
 URL:            http://www.frrouting.org
@@ -214,8 +214,10 @@ fi
 %selinux_modules_install -s %{selinuxtype} %{_datadir}/selinux/packages/%{selinuxtype}/%{name}.pp.bz2
 %selinux_relabel_post -s %{selinuxtype}
 #/var/tmp and /var/run need to be relabeled as well if FRR is running before upgrade
-%{_sbindir}/restorecon -R /var/tmp/frr &> /dev/null
-%{_sbindir}/restorecon -R /var/run/frr &> /dev/null
+if [ $1 == 2 ]; then
+    %{_sbindir}/restorecon -R /var/tmp/frr &> /dev/null
+    %{_sbindir}/restorecon -R /var/run/frr &> /dev/null
+fi
 
 %postun selinux
 if [ $1 -eq 0 ]; then
@@ -262,6 +264,9 @@ rm tests/lib/*grpc*
 %endif
 
 %changelog
+* Fri Sep 09 2022 Michal Ruprich <mruprich@redhat.com> - 8.3.1-4
+- Adding a couple of rules to tackle AVCs
+
 * Fri Sep 09 2022 Michal Ruprich <mruprich@redhat.com> - 8.3.1-3
 - Resolves: #2124254 - frr can no longer update routes
 
diff --git a/frr.te b/frr.te
index 8f5400e..02d4aa9 100644
--- a/frr.te
+++ b/frr.te
@@ -82,6 +82,7 @@ corenet_udp_bind_bfd_multi_port(frr_t)
 corenet_tcp_bind_bgp_port(frr_t)
 corenet_tcp_bind_cmadmin_port(frr_t)
 corenet_udp_bind_cmadmin_port(frr_t)
+corenet_tcp_bind_generic_port(frr_t)
 corenet_tcp_bind_firepower_port(frr_t)
 corenet_tcp_bind_priority_e_com_port(frr_t)
 corenet_udp_bind_router_port(frr_t)
@@ -112,3 +113,7 @@ optional_policy(`
 optional_policy(`
 	networkmanager_read_state(frr_t)
 ')
+
+optional_policy(`
+        userdom_admin_home_dir_filetrans(frr_t, frr_conf_t, file, ".history_frr")
+')