diff --git a/.gitignore b/.gitignore
index c4e4f4d..33ef4d8 100644
--- a/.gitignore
+++ b/.gitignore
@@ -16,3 +16,4 @@
/frr-8.4.2.tar.gz
/frr-8.5.tar.gz
/frr-8.5.1.tar.gz
+/frr-8.5.2.tar.gz
diff --git a/frr.if b/frr.if
index d96499d..d30c0bb 100644
--- a/frr.if
+++ b/frr.if
@@ -160,3 +160,56 @@ interface(`frr_admin',`
systemd_read_fifo_file_passwd_run($1)
')
')
+
+########################################
+#
+# Interface compatibility blocks
+#
+# The following definitions ensure compatibility with distribution policy
+# versions that do not contain given interfaces (epel, or older Fedora
+# releases).
+# Each block tests for existence of given interface and defines it if needed.
+#
+
+######################################
+##
+## Watch ifconfig_var_run_t directories
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+ifndef(`sysnet_watch_ifconfig_run',`
+ interface(`sysnet_watch_ifconfig_run',`
+ gen_require(`
+ type ifconfig_var_run_t;
+ ')
+
+ watch_dirs_pattern($1, ifconfig_var_run_t, ifconfig_var_run_t)
+ ')
+')
+
+########################################
+##
+## Read ifconfig_var_run_t files and link files
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+ifndef(`sysnet_read_ifconfig_run',`
+ interface(`sysnet_read_ifconfig_run',`
+ gen_require(`
+ type ifconfig_var_run_t;
+ ')
+
+ list_dirs_pattern($1, ifconfig_var_run_t, ifconfig_var_run_t)
+ read_files_pattern($1, ifconfig_var_run_t, ifconfig_var_run_t)
+ read_lnk_files_pattern($1, ifconfig_var_run_t, ifconfig_var_run_t)
+ ')
+')
+
diff --git a/frr.spec b/frr.spec
index 0c6875b..22b28f7 100644
--- a/frr.spec
+++ b/frr.spec
@@ -6,7 +6,7 @@
%bcond_without selinux
Name: frr
-Version: 8.5.1
+Version: 8.5.2
Release: 1%{?dist}
Summary: Routing daemon
License: GPLv2+
@@ -267,6 +267,10 @@ rm tests/lib/*grpc*
%endif
%changelog
+* Fri Jun 30 2023 Michal Ruprich - 8.5.2-1
+- New version 8.5.2
+- Fixing a couple of SELinux issues
+
* Wed Apr 26 2023 Michal Ruprich - 8.5.1-1
- New version 8.5.1
diff --git a/frr.te b/frr.te
index b7ed1c2..20fc95d 100644
--- a/frr.te
+++ b/frr.te
@@ -31,7 +31,7 @@ files_pid_file(frr_var_run_t)
#
# frr local policy
#
-allow frr_t self:capability { chown dac_override dac_read_search kill net_bind_service net_raw setgid setuid net_admin };
+allow frr_t self:capability { chown dac_override dac_read_search kill net_bind_service net_raw setgid setuid net_admin sys_admin };
allow frr_t self:netlink_route_socket rw_netlink_socket_perms;
allow frr_t self:packet_socket { create setopt };
allow frr_t self:process { setcap setpgid };
@@ -97,6 +97,8 @@ domain_use_interactive_fds(frr_t)
fs_read_nsfs_files(frr_t)
sysnet_exec_ifconfig(frr_t)
+sysnet_read_ifconfig_run(frr_t)
+sysnet_watch_ifconfig_run(frr_t)
userdom_read_admin_home_files(frr_t)
diff --git a/sources b/sources
index 9c26a36..7bb9433 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
-SHA512 (frr-8.5.1.tar.gz) = 90da4900a178dbe0ddd763e3e39734cf720fe255a4b56563b8f9200276c5e01668d0cf7bae399b25dd4753d574866a87200d1fcf2d03a7421a81104129abd29c
+SHA512 (frr-8.5.2.tar.gz) = a5eadd8c88966b58ebc0e7b92311bda16b391abe727861eed772ded678f5a84d84421fbfd4b23c4a2b18ab3d2dcd5b2c9099491dab6958b63c39a9c67c4508d2
SHA512 (remove-babeld-ldpd.sh) = a5bf67a3722cb20d43cef1dac28f839db68df73a1b7d34d8438e4f9366da3b67d85c1f44281f93434e8dd8ebcb2d3dc258b77eaa5627475b7395d207f020839d