diff --git a/frr.if b/frr.if
index d96499d..d30c0bb 100644
--- a/frr.if
+++ b/frr.if
@@ -160,3 +160,56 @@ interface(`frr_admin',`
systemd_read_fifo_file_passwd_run($1)
')
')
+
+########################################
+#
+# Interface compatibility blocks
+#
+# The following definitions ensure compatibility with distribution policy
+# versions that do not contain given interfaces (epel, or older Fedora
+# releases).
+# Each block tests for existence of given interface and defines it if needed.
+#
+
+######################################
+##
+## Watch ifconfig_var_run_t directories
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+ifndef(`sysnet_watch_ifconfig_run',`
+ interface(`sysnet_watch_ifconfig_run',`
+ gen_require(`
+ type ifconfig_var_run_t;
+ ')
+
+ watch_dirs_pattern($1, ifconfig_var_run_t, ifconfig_var_run_t)
+ ')
+')
+
+########################################
+##
+## Read ifconfig_var_run_t files and link files
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+ifndef(`sysnet_read_ifconfig_run',`
+ interface(`sysnet_read_ifconfig_run',`
+ gen_require(`
+ type ifconfig_var_run_t;
+ ')
+
+ list_dirs_pattern($1, ifconfig_var_run_t, ifconfig_var_run_t)
+ read_files_pattern($1, ifconfig_var_run_t, ifconfig_var_run_t)
+ read_lnk_files_pattern($1, ifconfig_var_run_t, ifconfig_var_run_t)
+ ')
+')
+
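Review bot: The header comment on the fallback `sysnet_read_ifconfig_run` says "Read ifconfig_var_run_t files and link files", but the body also calls `list_dirs_pattern`, so the documented grant is narrower than the one a caller actually receives. I would reword it to `## Read ifconfig_var_run_t files and link files, and list ifconfig_var_run_t directories`, so that someone auditing `frr_t` sees the directory access as well. The `##` blocks of both fallbacks also appear to have no summary or parameter tags around "Domain allowed access." (possibly lost in rendering), which is worth checking against the other interfaces in this file. Both blocks `gen_require` the type `ifconfig_var_run_t`, so on a base policy that lacks that type the `ifndef` guard alone presumably would not make the module build.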
diff --git a/frr.spec b/frr.spec
index 74a625c..3e567bd 100644
--- a/frr.spec
+++ b/frr.spec
@@ -9,7 +9,7 @@
Name: frr
Version: 8.5.1
-Release: 3%{?dist}
+Release: 4%{?dist}
Summary: Routing daemon
License: GPL-2.0-or-later AND ISC AND LGPL-2.0-or-later AND BSD-2-Clause AND BSD-3-Clause AND (GPL-2.0-or-later OR ISC) AND MIT
URL: http://www.frrouting.org
@@ -273,6 +273,9 @@ rm tests/lib/*grpc*
%endif
%changelog
+* Mon Jun 26 2023 Michal Ruprich - 8.5.1-4
+- Resolves: #2216073 - SELinux is preventing FRR-Zebra to access to network namespaces.
+
* Mon Jun 05 2023 Yaakov Selkowitz - 8.5.1-3
- Disable grpc in RHEL builds
diff --git a/frr.te b/frr.te
index b7ed1c2..20fc95d 100644
--- a/frr.te
+++ b/frr.te
@@ -31,7 +31,7 @@ files_pid_file(frr_var_run_t)
#
# frr local policy
#
-allow frr_t self:capability { chown dac_override dac_read_search kill net_bind_service net_raw setgid setuid net_admin };
+allow frr_t self:capability { chown dac_override dac_read_search kill net_bind_service net_raw setgid setuid net_admin sys_admin };
allow frr_t self:netlink_route_socket rw_netlink_socket_perms;
allow frr_t self:packet_socket { create setopt };
allow frr_t self:process { setcap setpgid };
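Review bot: `sys_admin` is the broadest entry in the `allow frr_t self:capability` set, and the rule carries no comment saying which operation needs it. The changelog ties this change to zebra's access to network namespaces, so the capability is presumably needed for entering them; recording that next to the rule keeps a later audit from having to rediscover it, e.g. `# sys_admin: zebra enters network namespaces (bug #2216073)`. The grant applies to every process running as `frr_t`, not only zebra. If the other daemons share this domain (not visible in this hunk), it is worth confirming that they do not keep the capability in their own capability sets.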
@@ -97,6 +97,8 @@ domain_use_interactive_fds(frr_t)
fs_read_nsfs_files(frr_t)
sysnet_exec_ifconfig(frr_t)
+sysnet_read_ifconfig_run(frr_t)
+sysnet_watch_ifconfig_run(frr_t)
userdom_read_admin_home_files(frr_t)