diff --git a/SOURCES/0014-bfd-crash-in-MetalLB.patch b/SOURCES/0014-bfd-profile-crash.patch
similarity index 100%
rename from SOURCES/0014-bfd-crash-in-MetalLB.patch
rename to SOURCES/0014-bfd-profile-crash.patch
diff --git a/SOURCES/frr.if b/SOURCES/frr.if
index d96499d..b580159 100644
--- a/SOURCES/frr.if
+++ b/SOURCES/frr.if
@@ -160,3 +160,47 @@ interface(`frr_admin',`
systemd_read_fifo_file_passwd_run($1)
')
')
+
+########################################
+##
+## Read ifconfig_var_run_t files and link files
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+ifndef(`sysnet_read_ifconfig_run',`
+ interface(`sysnet_read_ifconfig_run',`
+ gen_require(`
+ type ifconfig_var_run_t;
+ ')
+
+ manage_files_pattern($1, ifconfig_var_run_t, ifconfig_var_run_t)
+ list_dirs_pattern($1, ifconfig_var_run_t, ifconfig_var_run_t)
+ read_files_pattern($1, ifconfig_var_run_t, ifconfig_var_run_t)
+ read_lnk_files_pattern($1, ifconfig_var_run_t, ifconfig_var_run_t)
+ ')
+')
+
+########################################
+##
+## Read unconfined_t files and dirs
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+ifndef(`unconfined_read_files',`
+ interface(`unconfined_read_files',`
+ gen_require(`
+ type unconfined_t;
+ ')
+
+ allow $1 unconfined_t:file read_file_perms;
+ allow $1 unconfined_t:dir list_dir_perms;
+ ')
+')
diff --git a/SOURCES/frr.te b/SOURCES/frr.te
index e41b75d..a1c8bee 100644
--- a/SOURCES/frr.te
+++ b/SOURCES/frr.te
@@ -31,7 +31,7 @@ files_pid_file(frr_var_run_t)
#
# frr local policy
#
-allow frr_t self:capability { fowner fsetid chown dac_override dac_read_search kill net_bind_service net_raw setgid setuid net_admin };
+allow frr_t self:capability { fowner fsetid chown dac_override dac_read_search kill net_bind_service net_raw setgid setuid net_admin sys_admin };
allow frr_t self:netlink_route_socket rw_netlink_socket_perms;
allow frr_t self:packet_socket create;
allow frr_t self:process { setcap setpgid };
@@ -96,6 +96,7 @@ fs_read_nsfs_files(frr_t)
fs_search_cgroup_dirs(frr_t)
sysnet_exec_ifconfig(frr_t)
+sysnet_read_ifconfig_run(frr_t)
userdom_read_admin_home_files(frr_t)
@@ -107,6 +108,10 @@ optional_policy(`
logging_send_syslog_msg(frr_t)
')
+optional_policy(`
+ unconfined_read_files(frr_t)
+')
+
optional_policy(`
modutils_exec_kmod(frr_t)
modutils_getattr_module_deps(frr_t)
diff --git a/SPECS/frr.spec b/SPECS/frr.spec
index 9d39f93..e68dce7 100644
--- a/SPECS/frr.spec
+++ b/SPECS/frr.spec
@@ -7,7 +7,7 @@
Name: frr
Version: 7.5.1
-Release: 7%{?checkout}%{?dist}.2
+Release: 13%{?checkout}%{?dist}
Summary: Routing daemon
License: GPLv2+
URL: http://www.frrouting.org
@@ -53,7 +53,7 @@ Patch0010: 0010-moving-executables.patch
Patch0011: 0011-reload-bfd-profile.patch
Patch0012: 0012-graceful-restart.patch
Patch0013: 0013-CVE-2022-37032.patch
-Patch0014: 0014-bfd-crash-in-MetalLB.patch
+Patch0014: 0014-bfd-profile-crash.patch
Patch0015: 0015-CVE-2023-38802.patch
%description
@@ -275,11 +275,23 @@ make check PYTHON=%{__python3}
%endif
%changelog
-* Wed Sep 06 2023 Michal Ruprich - 7.5.1-7.2
-- Resolves: #2236708 - Incorrect handling of a error in parsing of an invalid section of a BGP update can de-peer a router
+* Wed Sep 13 2023 Michal Ruprich - 7.5.1-13
+- Resolves: #2231000 - Incorrect handling of a error in parsing of an invalid section of a BGP update can de-peer a router
-* Wed Aug 16 2023 Michal Ruprich - 7.5.1-7.1
-- Resolves: #2231829 - BFD crash in FRR running in MetalLB
+* Wed Aug 23 2023 Michal Ruprich - 7.5.1-12
+- Resolves: #2216911 - Adding missing sys_admin SELinux call
+
+* Mon Aug 21 2023 Michal Ruprich - 7.5.1-11
+- Related: #2216911 - Adding unconfined_t type to access namespaces
+
+* Thu Aug 17 2023 Michal Ruprich - 7.5.1-10
+- Related: #2226803 - Adding patch
+
+* Wed Aug 16 2023 Michal Ruprich - 7.5.1-9
+- Resolves: #2226803 - BFD crash in FRR running in MetalLB
+
+* Fri Aug 11 2023 Michal Ruprich - 7.5.1-8
+- Resolves: #2216911 - SELinux is preventing FRR-Zebra to access to network namespaces
* Tue Jul 25 2023 MSVSphere Packaging Team - 7.5.1-7
- Rebuilt for MSVSphere 8.8