From a7b3783ddc917878ed6e49f128531aff92837078 Mon Sep 17 00:00:00 2001
From: Michal Ruprich <mruprich@redhat.com>
Date: Fri, 9 Sep 2022 16:14:11 +0200
Subject: [PATCH] Resolves: #2124254 - frr can no longer update routes

---
 frr.spec | 7 +++++--
 frr.te   | 2 +-
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/frr.spec b/frr.spec
index 87d7872..80e7e4d 100644
--- a/frr.spec
+++ b/frr.spec
@@ -7,7 +7,7 @@
 
 Name:           frr
 Version:        8.3.1
-Release:        2%{?dist}
+Release:        3%{?dist}
 Summary:        Routing daemon
 License:        GPLv2+
 URL:            http://www.frrouting.org
@@ -66,7 +66,7 @@ Requires(postun): systemd
 Requires(preun): systemd
 
 %if 0%{?with_selinux}
-Requires: (%{name}-selinux if selinux-policy-%{selinuxtype})
+Requires: (%{name}-selinux = %{version}-%{release} if selinux-policy-%{selinuxtype})
 %endif
 
 Obsoletes:      quagga < 1.2.4-17
@@ -262,6 +262,9 @@ rm tests/lib/*grpc*
 %endif
 
 %changelog
+* Fri Sep 09 2022 Michal Ruprich <mruprich@redhat.com> - 8.3.1-3
+- Resolves: #2124254 - frr can no longer update routes
+
 * Wed Sep 07 2022 Michal Ruprich <mruprich@redhat.com> - 8.3.1-2
 - Resolves: #2124253 - SELinux is preventing zebra from setattr access on the directory frr
 - Better handling FRR files during upgrade
diff --git a/frr.te b/frr.te
index db69262..d8782ba 100644
--- a/frr.te
+++ b/frr.te
@@ -31,7 +31,7 @@ files_pid_file(frr_var_run_t)
 #
 # frr local policy
 #
-allow frr_t self:capability { chown dac_override dac_read_search kill net_bind_service net_raw setgid setuid };
+allow frr_t self:capability { chown dac_override dac_read_search kill net_bind_service net_raw setgid setuid net_admin };
 allow frr_t self:netlink_route_socket rw_netlink_socket_perms;
 allow frr_t self:packet_socket create;
 allow frr_t self:process { setcap setpgid };