Summary:
SELinux denial when using mdadm monitor on software RAID1 (capability { bpf })
Description:
When setting up a software RAID1 using `mdadm`, the following SELinux denial occurs when `mdadm` starts in monitor mode:
Steps to reproduce:
1. Create a RAID1 array using two NVMe disks:
mdadm --create --verbose /dev/md0 --level=1 --raid-devices=2 /dev/sdb /dev/sdc
mdadm --examine --scan > /etc/mdadm.conf
mkfs.xfs -f /dev/md0
mount /dev/md0 /mnt/
2. Observe SELinux denials in audit logs:
audit2why -b output:
type=AVC msg=audit(1750848463.003:19): avc: denied { bpf } for pid=800 comm="mdadm" capability=39 scontext=system_u:system_r:mdadm_t:s0 tcontext=system_u:system_r:mdadm_t:s0 tclass=capability2 permissive=0
Was caused by:
Missing type enforcement (TE) allow rule.
You can use audit2allow to generate a loadable module to allow this access.
3. Confirm process details:
ps aux | grep 800
root 800 0.0 0.0 3752 2064 ? Ss 06:47 0:00 /sbin/mdadm --monitor --scan --syslog -f --pid-file=/run/mdadm/mdadm.pid
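Rather than loading whatever audit2allow collects, the fix can be scoped to exactly the denied permission. The following is an added example, not part of this report or of the selinux-policy project: a POSIX sh function that turns the AVC record above into a single CIL allow rule (source type, target type or `self`, class, permission). The sample record is the denial quoted in step 2; loading the result with `semodule -i` is the usual way to install a local CIL module.

```shell
#!/bin/sh
# Convert one AVC record into a minimally scoped CIL allow rule.
# Added example; the sample record below is copied from the denial in this report.
AVC='type=AVC msg=audit(1750848463.003:19): avc: denied { bpf } for pid=800 comm="mdadm" capability=39 scontext=system_u:system_r:mdadm_t:s0 tcontext=system_u:system_r:mdadm_t:s0 tclass=capability2 permissive=0'

# avc_field RECORD KEY -> value of "KEY=value" in the record (empty if absent)
avc_field() {
    printf '%s\n' "$1" | sed -n "s/.*[[:space:]]$2=\([^[:space:]]*\).*/\1/p"
}

# ctx_type CONTEXT -> the type component of user:role:type:level
ctx_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# avc_to_cil RECORD -> CIL statement allowing only the permission(s) that were denied
avc_to_cil() {
    rec="$1"
    # Permissions sit between "denied { " and " }"; strip the trailing space.
    perms=$(printf '%s\n' "$rec" | sed -n 's/.*denied { \([^}]*\)}.*/\1/p' | sed 's/[[:space:]]*$//')
    src=$(ctx_type "$(avc_field "$rec" scontext)")
    tgt=$(ctx_type "$(avc_field "$rec" tcontext)")
    cls=$(avc_field "$rec" tclass)
    # Refuse to emit a rule from an incomplete record rather than guess.
    [ -n "$perms" ] && [ -n "$src" ] && [ -n "$tgt" ] && [ -n "$cls" ] || return 1
    # Source and target are the same type (as here, mdadm_t -> mdadm_t): use "self".
    [ "$src" = "$tgt" ] && tgt=self
    printf '(allow %s %s (%s (%s)))\n' "$src" "$tgt" "$cls" "$perms"
}

# Usage (as root): write the rule to a .cil file and load it as a local module:
#   avc_to_cil "$AVC" > local_mdadm_bpf.cil && semodule -i local_mdadm_bpf.cil
avc_to_cil "$AVC"
```

The rule produced for this report is `(allow mdadm_t self (capability2 (bpf)))`; after loading it, re-run step 2 to confirm the AVC no longer appears.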
Expected behavior:
No SELinux denials should occur when `mdadm --monitor` is running in its default configuration on a supported RAID setup.
Additional information:
- SELinux mode: Enforcing
- Distribution: CentOS Stream 9
- Kernel version: 5.14.0-583.el9.x86_64
- Policy package version: selinux-policy-38.1.56-1.el9.noarch, selinux-policy-targeted-38.1.56-1.el9.noarch