author | Dominick Grift <dominick.grift@defensec.nl> | 2023-08-20 15:44:41 +0200 |
---|---|---|
committer | Dominick Grift <dominick.grift@defensec.nl> | 2023-08-20 15:46:23 +0200 |
commit | 0c187b6ff97f91c41dab65a6426dc61f77305cdf (patch) | |
tree | 1e35f5851154500a8a39428a45a5671f9488e1da /src/sys/procfile/sysctlfile/kernelsysctlfile | |
download | selinux-policy-0c187b6ff97f91c41dab65a6426dc61f77305cdf.tar.gz |
Import dssp5
Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
Diffstat (limited to 'src/sys/procfile/sysctlfile/kernelsysctlfile')
18 files changed, 156 insertions, 0 deletions
diff --git a/src/sys/procfile/sysctlfile/kernelsysctlfile/caplastcapkernelsysctlfile.cil b/src/sys/procfile/sysctlfile/kernelsysctlfile/caplastcapkernelsysctlfile.cil
new file mode 100644
index 0000000..b27163e
--- /dev/null
+++ b/src/sys/procfile/sysctlfile/kernelsysctlfile/caplastcapkernelsysctlfile.cil
@@ -0,0 +1,8 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block caplastcap
+
+ (genfscon "proc" "/sys/kernel/cap_last_cap" sysctlfile_context)
+
+ (blockinherit .sysctlfile.kernel.template))
diff --git a/src/sys/procfile/sysctlfile/kernelsysctlfile/corepatternkernelsysctlfile.cil b/src/sys/procfile/sysctlfile/kernelsysctlfile/corepatternkernelsysctlfile.cil
new file mode 100644
index 0000000..7ef9105
--- /dev/null
+++ b/src/sys/procfile/sysctlfile/kernelsysctlfile/corepatternkernelsysctlfile.cil
@@ -0,0 +1,8 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block corepattern
+
+ (genfscon "proc" "/sys/kernel/core_pattern" sysctlfile_context)
+
+ (blockinherit .sysctlfile.kernel.template))
diff --git a/src/sys/procfile/sysctlfile/kernelsysctlfile/corepipelimitkernelsysctlfile.cil b/src/sys/procfile/sysctlfile/kernelsysctlfile/corepipelimitkernelsysctlfile.cil
new file mode 100644
index 0000000..8f95bf8
--- /dev/null
+++ b/src/sys/procfile/sysctlfile/kernelsysctlfile/corepipelimitkernelsysctlfile.cil
@@ -0,0 +1,8 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block corepipelimit
+
+ (genfscon "proc" "/sys/kernel/core_pipe_limit" sysctlfile_context)
+
+ (blockinherit .sysctlfile.kernel.template))
diff --git a/src/sys/procfile/sysctlfile/kernelsysctlfile/firmwareconfigkernelsysctlfile.cil b/src/sys/procfile/sysctlfile/kernelsysctlfile/firmwareconfigkernelsysctlfile.cil
new file mode 100644
index 0000000..9bcd7cd
--- /dev/null
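Review bot: The `corepattern` block in corepatternkernelsysctlfile.cil carries no comment on why this sysctl gets a type of its own, and the reason is security-relevant: a `core_pattern` value that starts with a pipe names a program the kernel runs as a helper, so write access to this type amounts to choosing code that the kernel will launch. I would add above the block `;; core_pattern can name a helper program run by the kernel; keep write access to this type to the few domains that must set it`. The same comment applies to the `modprobe` and `poweroffcmd` blocks later in this commit, which also label sysctls holding helper paths. The access rules come from `.sysctlfile.kernel.template`, which is outside this diff, so who can write these types cannot be checked from here.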
+++ b/src/sys/procfile/sysctlfile/kernelsysctlfile/firmwareconfigkernelsysctlfile.cil
@@ -0,0 +1,9 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block firmwareconfig
+
+ (genfscon "proc" "/sys/kernel/firmware_config" sysctlfile_context)
+
+ (blockinherit .sysctlfile.kernel.template)
+ (blockinherit .sysctlfile.macro_template_dirs))
diff --git a/src/sys/procfile/sysctlfile/kernelsysctlfile/hostnamekernelsysctlfile.cil b/src/sys/procfile/sysctlfile/kernelsysctlfile/hostnamekernelsysctlfile.cil
new file mode 100644
index 0000000..d4a8ca6
--- /dev/null
+++ b/src/sys/procfile/sysctlfile/kernelsysctlfile/hostnamekernelsysctlfile.cil
@@ -0,0 +1,8 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block hostname
+
+ (genfscon "proc" "/sys/kernel/hostname" sysctlfile_context)
+
+ (blockinherit .sysctlfile.kernel.template))
diff --git a/src/sys/procfile/sysctlfile/kernelsysctlfile/keyskernelsysctlfile.cil b/src/sys/procfile/sysctlfile/kernelsysctlfile/keyskernelsysctlfile.cil
new file mode 100644
index 0000000..f65c9db
--- /dev/null
+++ b/src/sys/procfile/sysctlfile/kernelsysctlfile/keyskernelsysctlfile.cil
@@ -0,0 +1,9 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(in keys
+
+ (genfscon "proc" "/sys/kernel/keys" sysctlfile_context)
+
+ (blockinherit .sysctlfile.kernel.template)
+ (blockinherit .sysctlfile.macro_template_dirs))
diff --git a/src/sys/procfile/sysctlfile/kernelsysctlfile/modprobekernelsysctlfile.cil b/src/sys/procfile/sysctlfile/kernelsysctlfile/modprobekernelsysctlfile.cil
new file mode 100644
index 0000000..7928e56
--- /dev/null
+++ b/src/sys/procfile/sysctlfile/kernelsysctlfile/modprobekernelsysctlfile.cil
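Review bot: keyskernelsysctlfile.cil opens with `(in keys` where most sibling files in this directory declare their container with `(block …)`, so this file only compiles if a `keys` block is declared elsewhere in the policy, and the sysctl type presumably ends up sharing that block's namespace with whatever else lives there. Nothing in the hunk says where that block is declared. A one-line comment such as `;; extends the keys block declared in <path-to-keys-module>` would make the dependency visible to the next reader. randomkernelsysctlfile.cil has the same shape with `(in kernel` and `(in random`.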
@@ -0,0 +1,8 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block modprobe
+
+ (genfscon "proc" "/sys/kernel/modprobe" sysctlfile_context)
+
+ (blockinherit .sysctlfile.kernel.template))
diff --git a/src/sys/procfile/sysctlfile/kernelsysctlfile/nslastpidkernelsysctlfile.cil b/src/sys/procfile/sysctlfile/kernelsysctlfile/nslastpidkernelsysctlfile.cil
new file mode 100644
index 0000000..b39aa80
--- /dev/null
+++ b/src/sys/procfile/sysctlfile/kernelsysctlfile/nslastpidkernelsysctlfile.cil
@@ -0,0 +1,8 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block nslastpid
+
+ (genfscon "proc" "/sys/kernel/ns_last_pid" sysctlfile_context)
+
+ (blockinherit .sysctlfile.kernel.template))
diff --git a/src/sys/procfile/sysctlfile/kernelsysctlfile/osreleasekernelsysctlfile.cil b/src/sys/procfile/sysctlfile/kernelsysctlfile/osreleasekernelsysctlfile.cil
new file mode 100644
index 0000000..9eab507
--- /dev/null
+++ b/src/sys/procfile/sysctlfile/kernelsysctlfile/osreleasekernelsysctlfile.cil
@@ -0,0 +1,8 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block osrelease
+
+ (genfscon "proc" "/sys/kernel/osrelease" sysctlfile_context)
+
+ (blockinherit .sysctlfile.kernel.template))
diff --git a/src/sys/procfile/sysctlfile/kernelsysctlfile/overflowuidkernelsysctlfile.cil b/src/sys/procfile/sysctlfile/kernelsysctlfile/overflowuidkernelsysctlfile.cil
new file mode 100644
index 0000000..4517c76
--- /dev/null
+++ b/src/sys/procfile/sysctlfile/kernelsysctlfile/overflowuidkernelsysctlfile.cil
@@ -0,0 +1,9 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block overflowuid
+
+ (genfscon "proc" "/sys/kernel/overflowgid" sysctlfile_context)
+ (genfscon "proc" "/sys/kernel/overflowuid" sysctlfile_context)
+
+ (blockinherit .sysctlfile.kernel.template))
diff --git a/src/sys/procfile/sysctlfile/kernelsysctlfile/pidmaxkernelsysctlfile.cil b/src/sys/procfile/sysctlfile/kernelsysctlfile/pidmaxkernelsysctlfile.cil
new file mode 100644
index 0000000..168e06a
--- /dev/null
+++ b/src/sys/procfile/sysctlfile/kernelsysctlfile/pidmaxkernelsysctlfile.cil
@@ -0,0 +1,8 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block pidmax
+
+ (genfscon "proc" "/sys/kernel/pid_max" sysctlfile_context)
+
+ (blockinherit .sysctlfile.kernel.template))
diff --git a/src/sys/procfile/sysctlfile/kernelsysctlfile/poweroffcmdkernelsysctlfile.cil b/src/sys/procfile/sysctlfile/kernelsysctlfile/poweroffcmdkernelsysctlfile.cil
new file mode 100644
index 0000000..bf5e36b
--- /dev/null
+++ b/src/sys/procfile/sysctlfile/kernelsysctlfile/poweroffcmdkernelsysctlfile.cil
@@ -0,0 +1,8 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block poweroffcmd
+
+ (genfscon "proc" "/sys/kernel/poweroff_cmd" sysctlfile_context)
+
+ (blockinherit .sysctlfile.kernel.template))
diff --git a/src/sys/procfile/sysctlfile/kernelsysctlfile/ptykernelsysctlfile.cil b/src/sys/procfile/sysctlfile/kernelsysctlfile/ptykernelsysctlfile.cil
new file mode 100644
index 0000000..bc96692
--- /dev/null
+++ b/src/sys/procfile/sysctlfile/kernelsysctlfile/ptykernelsysctlfile.cil
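Review bot: The `overflowuid` block in overflowuidkernelsysctlfile.cil labels both `/sys/kernel/overflowgid` and `/sys/kernel/overflowuid`, yet the block and file names mention only the uid. The block name is presumably what appears in the resulting type, and therefore in allow rules and audit records, so a short comment above the two genfscon lines, e.g. `;; overflowuid and overflowgid share one type`, would save someone reading a denial on overflowgid from looking for a separate block.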
@@ -0,0 +1,9 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block pty
+
+ (genfscon "proc" "/sys/kernel/pty" sysctlfile_context)
+
+ (blockinherit .sysctlfile.kernel.template)
+ (blockinherit .sysctlfile.macro_template_dirs))
diff --git a/src/sys/procfile/sysctlfile/kernelsysctlfile/randomkernelsysctlfile.cil b/src/sys/procfile/sysctlfile/kernelsysctlfile/randomkernelsysctlfile.cil
new file mode 100644
index 0000000..493ed6f
--- /dev/null
+++ b/src/sys/procfile/sysctlfile/kernelsysctlfile/randomkernelsysctlfile.cil
@@ -0,0 +1,13 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(in kernel
+
+ (genfscon "proc" "/sys/kernel/randomize_va_space" sysctlfile_context))
+
+(in random
+
+ (genfscon "proc" "/sys/kernel/random" sysctlfile_context)
+
+ (blockinherit .sysctlfile.kernel.template)
+ (blockinherit .sysctlfile.macro_template_dirs))
diff --git a/src/sys/procfile/sysctlfile/kernelsysctlfile/seccompkernelsysctlfile.cil b/src/sys/procfile/sysctlfile/kernelsysctlfile/seccompkernelsysctlfile.cil
new file mode 100644
index 0000000..b9f2878
--- /dev/null
+++ b/src/sys/procfile/sysctlfile/kernelsysctlfile/seccompkernelsysctlfile.cil
@@ -0,0 +1,9 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block seccomp
+
+ (genfscon "proc" "/sys/kernel/seccomp" sysctlfile_context)
+
+ (blockinherit .sysctlfile.kernel.template)
+ (blockinherit .sysctlfile.macro_template_dirs))
diff --git a/src/sys/procfile/sysctlfile/kernelsysctlfile/threadsmaxkernelsysctlfile.cil b/src/sys/procfile/sysctlfile/kernelsysctlfile/threadsmaxkernelsysctlfile.cil
new file mode 100644
index 0000000..5d31bf8
--- /dev/null
+++ b/src/sys/procfile/sysctlfile/kernelsysctlfile/threadsmaxkernelsysctlfile.cil
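Review bot: The `(in kernel` form at the top of randomkernelsysctlfile.cil needs a comment, because the reason it sits in this file is not obvious from the code. genfscon paths are matched as string prefixes, so `/sys/kernel/random` also covers `/sys/kernel/randomize_va_space`, and the longer entry is what keeps the ASLR setting under the `kernel` block's context instead of the `random` one. If that line were dropped in a later cleanup, any domain allowed to write the random sysctl type would presumably gain write access to the ASLR setting as well. I would add `;; /sys/kernel/random is a string prefix of randomize_va_space; pin the latter to the kernel block's sysctl context` above the first form. Both `kernel` and `random` are extended with `in`, so their declarations lie outside this hunk.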
@@ -0,0 +1,8 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block threadsmax
+
+ (genfscon "proc" "/sys/kernel/threads-max" sysctlfile_context)
+
+ (blockinherit .sysctlfile.kernel.template))
diff --git a/src/sys/procfile/sysctlfile/kernelsysctlfile/usermodehelperkernelsysctlfile.cil b/src/sys/procfile/sysctlfile/kernelsysctlfile/usermodehelperkernelsysctlfile.cil
new file mode 100644
index 0000000..e848922
--- /dev/null
+++ b/src/sys/procfile/sysctlfile/kernelsysctlfile/usermodehelperkernelsysctlfile.cil
@@ -0,0 +1,9 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block usermodehelper
+
+ (genfscon "proc" "/sys/kernel/usermodehelper" sysctlfile_context)
+
+ (blockinherit .sysctlfile.kernel.template)
+ (blockinherit .sysctlfile.macro_template_dirs))
diff --git a/src/sys/procfile/sysctlfile/kernelsysctlfile/yamakernelsysctlfile.cil b/src/sys/procfile/sysctlfile/kernelsysctlfile/yamakernelsysctlfile.cil
new file mode 100644
index 0000000..a958a40
--- /dev/null
+++ b/src/sys/procfile/sysctlfile/kernelsysctlfile/yamakernelsysctlfile.cil
@@ -0,0 +1,9 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block yama
+
+ (genfscon "proc" "/sys/kernel/yama" sysctlfile_context)
+
+ (blockinherit .sysctlfile.kernel.template)
+ (blockinherit .sysctlfile.macro_template_dirs)) |