author | Dominick Grift <dominick.grift@defensec.nl> | 2023-08-20 15:44:41 +0200 |
---|---|---|
committer | Dominick Grift <dominick.grift@defensec.nl> | 2023-08-20 15:46:23 +0200 |
commit | 0c187b6ff97f91c41dab65a6426dc61f77305cdf (patch) | |
tree | 1e35f5851154500a8a39428a45a5671f9488e1da /src/sys/procfile/sysctlfile | |
download | selinux-policy-0c187b6ff97f91c41dab65a6426dc61f77305cdf.tar.gz |
Import dssp5
Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
Diffstat (limited to 'src/sys/procfile/sysctlfile')
35 files changed, 598 insertions, 0 deletions
diff --git a/src/sys/procfile/sysctlfile/abisysctlfile.cil b/src/sys/procfile/sysctlfile/abisysctlfile.cil
new file mode 100644
index 0000000..0bf5be5
--- /dev/null
+++ b/src/sys/procfile/sysctlfile/abisysctlfile.cil
@@ -0,0 +1,38 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block abi
+
+ (genfscon "proc" "/sys/abi" sysctlfile_context)
+
+ (blockinherit .sysctlfile.abi.template)
+ (blockinherit .sysctlfile.macro_template_dirs))
+
+(in sysctlfile
+
+ (block abi
+
+ (macro type ((type ARG1))
+ (typeattributeset typeattr ARG1))
+
+ (typeattribute typeattr)
+
+ (blockinherit .file.all_macro_template_dirs)
+ (blockinherit .file.all_macro_template_files)
+
+ (call .sysctlfile.type (typeattr))
+
+ (block base_template
+
+ (blockabstract base_template)
+
+ (blockinherit .sysctlfile.base_template)
+
+ (call .sysctlfile.abi.type (sysctlfile)))
+
+ (block template
+
+ (blockabstract template)
+
+ (blockinherit .sysctlfile.abi.base_template)
+ (blockinherit .sysctlfile.macro_template_files))))
diff --git a/src/sys/procfile/sysctlfile/cryptosysctlfile.cil b/src/sys/procfile/sysctlfile/cryptosysctlfile.cil
new file mode 100644
index 0000000..d56af1f
--- /dev/null
+++ b/src/sys/procfile/sysctlfile/cryptosysctlfile.cil
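Review bot: The `sysctlfile.abi` namespace in abisysctlfile.cil has no comment explaining how its pieces fit together: the `type` macro, `typeattr` and the two abstract blocks `base_template` and `template` can only be understood by tracing the inherits. A header above the inner `(block abi`, such as `;; sysctlfile.abi: typeattr collects every type that labels /proc/sys/abi; inherit .sysctlfile.abi.template to declare one`, would be enough. The same skeleton is repeated without comment in the crypto, debug, dev, fs, kernel, net, sunrpc, user and vm files of this commit. What `.sysctlfile.base_template` and the `.file.all_macro_template_*` blocks contribute is defined outside this directory, so the wording should be checked against them.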
@@ -0,0 +1,38 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block crypto
+
+ (genfscon "proc" "/sys/crypto" sysctlfile_context)
+
+ (blockinherit .sysctlfile.crypto.template)
+ (blockinherit .sysctlfile.macro_template_dirs))
+
+(in sysctlfile
+
+ (block crypto
+
+ (macro type ((type ARG1))
+ (typeattributeset typeattr ARG1))
+
+ (typeattribute typeattr)
+
+ (blockinherit .file.all_macro_template_dirs)
+ (blockinherit .file.all_macro_template_files)
+
+ (call .sysctlfile.type (typeattr))
+
+ (block base_template
+
+ (blockabstract base_template)
+
+ (blockinherit .sysctlfile.base_template)
+
+ (call .sysctlfile.crypto.type (sysctlfile)))
+
+ (block template
+
+ (blockabstract template)
+
+ (blockinherit .sysctlfile.crypto.base_template)
+ (blockinherit .sysctlfile.macro_template_files))))
diff --git a/src/sys/procfile/sysctlfile/debugsysctlfile.cil b/src/sys/procfile/sysctlfile/debugsysctlfile.cil
new file mode 100644
index 0000000..8d23149
--- /dev/null
+++ b/src/sys/procfile/sysctlfile/debugsysctlfile.cil
@@ -0,0 +1,38 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block debug
+
+ (genfscon "proc" "/sys/debug" sysctlfile_context)
+
+ (blockinherit .sysctlfile.debug.template)
+ (blockinherit .sysctlfile.macro_template_dirs))
+
+(in sysctlfile
+
+ (block debug
+
+ (macro type ((type ARG1))
+ (typeattributeset typeattr ARG1))
+
+ (typeattribute typeattr)
+
+ (blockinherit .file.all_macro_template_dirs)
+ (blockinherit .file.all_macro_template_files)
+
+ (call .sysctlfile.type (typeattr))
+
+ (block base_template
+
+ (blockabstract base_template)
+
+ (blockinherit .sysctlfile.base_template)
+
+ (call .sysctlfile.debug.type (sysctlfile)))
+
+ (block template
+
+ (blockabstract template)
+
+ (blockinherit .sysctlfile.debug.base_template)
+ (blockinherit .sysctlfile.macro_template_files))))
diff --git a/src/sys/procfile/sysctlfile/devsysctlfile.cil b/src/sys/procfile/sysctlfile/devsysctlfile.cil
new file mode 100644
index 0000000..87edae1
--- /dev/null
+++ b/src/sys/procfile/sysctlfile/devsysctlfile.cil
@@ -0,0 +1,38 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(in dev
+
+ (genfscon "proc" "/sys/dev" sysctlfile_context)
+
+ (blockinherit .sysctlfile.dev.template)
+ (blockinherit .sysctlfile.macro_template_dirs))
+
+(in sysctlfile
+
+ (block dev
+
+ (macro type ((type ARG1))
+ (typeattributeset typeattr ARG1))
+
+ (typeattribute typeattr)
+
+ (blockinherit .file.all_macro_template_dirs)
+ (blockinherit .file.all_macro_template_files)
+
+ (call .sysctlfile.type (typeattr))
+
+ (block base_template
+
+ (blockabstract base_template)
+
+ (blockinherit .sysctlfile.base_template)
+
+ (call .sysctlfile.dev.type (sysctlfile)))
+
+ (block template
+
+ (blockabstract template)
+
+ (blockinherit .sysctlfile.dev.base_template)
+ (blockinherit .sysctlfile.macro_template_files))))
diff --git a/src/sys/procfile/sysctlfile/fssysctlfile.cil b/src/sys/procfile/sysctlfile/fssysctlfile.cil
new file mode 100644
index 0000000..878092f
--- /dev/null
+++ b/src/sys/procfile/sysctlfile/fssysctlfile.cil
@@ -0,0 +1,38 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(in fs
+
+ (genfscon "proc" "/sys/fs" sysctlfile_context)
+
+ (blockinherit .sysctlfile.fs.template)
+ (blockinherit .sysctlfile.macro_template_dirs))
+
+(in sysctlfile
+
+ (block fs
+
+ (macro type ((type ARG1))
+ (typeattributeset typeattr ARG1))
+
+ (typeattribute typeattr)
+
+ (blockinherit .file.all_macro_template_dirs)
+ (blockinherit .file.all_macro_template_files)
+
+ (call .sysctlfile.type (typeattr))
+
+ (block base_template
+
+ (blockabstract base_template)
+
+ (blockinherit .sysctlfile.base_template)
+
+ (call .sysctlfile.fs.type (sysctlfile)))
+
+ (block template
+
+ (blockabstract template)
+
+ (blockinherit .sysctlfile.fs.base_template)
+ (blockinherit .sysctlfile.macro_template_files))))
diff --git a/src/sys/procfile/sysctlfile/kernelsysctlfile.cil b/src/sys/procfile/sysctlfile/kernelsysctlfile.cil
new file mode 100644
index 0000000..ad66127
--- /dev/null
+++ b/src/sys/procfile/sysctlfile/kernelsysctlfile.cil
@@ -0,0 +1,38 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block kernel
+
+ (genfscon "proc" "/sys/kernel" sysctlfile_context)
+
+ (blockinherit .sysctlfile.kernel.template)
+ (blockinherit .sysctlfile.macro_template_dirs))
+
+(in sysctlfile
+
+ (block kernel
+
+ (macro type ((type ARG1))
+ (typeattributeset typeattr ARG1))
+
+ (typeattribute typeattr)
+
+ (blockinherit .file.all_macro_template_dirs)
+ (blockinherit .file.all_macro_template_files)
+
+ (call .sysctlfile.type (typeattr))
+
+ (block base_template
+
+ (blockabstract base_template)
+
+ (blockinherit .sysctlfile.base_template)
+
+ (call .sysctlfile.kernel.type (sysctlfile)))
+
+ (block template
+
+ (blockabstract template)
+
+ (blockinherit .sysctlfile.kernel.base_template)
+ (blockinherit .sysctlfile.macro_template_files))))
diff --git a/src/sys/procfile/sysctlfile/kernelsysctlfile/caplastcapkernelsysctlfile.cil b/src/sys/procfile/sysctlfile/kernelsysctlfile/caplastcapkernelsysctlfile.cil
new file mode 100644
index 0000000..b27163e
--- /dev/null
+++ b/src/sys/procfile/sysctlfile/kernelsysctlfile/caplastcapkernelsysctlfile.cil
@@ -0,0 +1,8 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block caplastcap
+
+ (genfscon "proc" "/sys/kernel/cap_last_cap" sysctlfile_context)
+
+ (blockinherit .sysctlfile.kernel.template))
diff --git a/src/sys/procfile/sysctlfile/kernelsysctlfile/corepatternkernelsysctlfile.cil b/src/sys/procfile/sysctlfile/kernelsysctlfile/corepatternkernelsysctlfile.cil
new file mode 100644
index 0000000..7ef9105
--- /dev/null
+++ b/src/sys/procfile/sysctlfile/kernelsysctlfile/corepatternkernelsysctlfile.cil
@@ -0,0 +1,8 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block corepattern
+
+ (genfscon "proc" "/sys/kernel/core_pattern" sysctlfile_context)
+
+ (blockinherit .sysctlfile.kernel.template))
diff --git a/src/sys/procfile/sysctlfile/kernelsysctlfile/corepipelimitkernelsysctlfile.cil b/src/sys/procfile/sysctlfile/kernelsysctlfile/corepipelimitkernelsysctlfile.cil
new file mode 100644
index 0000000..8f95bf8
--- /dev/null
+++ b/src/sys/procfile/sysctlfile/kernelsysctlfile/corepipelimitkernelsysctlfile.cil
@@ -0,0 +1,8 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block corepipelimit
+
+ (genfscon "proc" "/sys/kernel/core_pipe_limit" sysctlfile_context)
+
+ (blockinherit .sysctlfile.kernel.template))
diff --git a/src/sys/procfile/sysctlfile/kernelsysctlfile/firmwareconfigkernelsysctlfile.cil b/src/sys/procfile/sysctlfile/kernelsysctlfile/firmwareconfigkernelsysctlfile.cil
new file mode 100644
index 0000000..9bcd7cd
--- /dev/null
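Review bot: corepatternkernelsysctlfile.cil gives `/sys/kernel/core_pattern` its own type but carries no comment recording why it is split out of the generic kernel sysctl type. The value can name a helper program that the kernel starts with root privileges when a process dumps core, so write access to this type deserves the same scrutiny as write access to a root-owned executable; a line above the genfscon such as `;; core_pattern can name a helper the kernel runs as root: keep write access to this type minimal` would tell the next maintainer not to fold it back. The same applies to the `modprobe` and `poweroff_cmd` blocks later in this commit. Which permissions `.sysctlfile.kernel.template` grants is not visible in this diff, so that has to be checked where the template is defined.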
+++ b/src/sys/procfile/sysctlfile/kernelsysctlfile/firmwareconfigkernelsysctlfile.cil
@@ -0,0 +1,9 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block firmwareconfig
+
+ (genfscon "proc" "/sys/kernel/firmware_config" sysctlfile_context)
+
+ (blockinherit .sysctlfile.kernel.template)
+ (blockinherit .sysctlfile.macro_template_dirs))
diff --git a/src/sys/procfile/sysctlfile/kernelsysctlfile/hostnamekernelsysctlfile.cil b/src/sys/procfile/sysctlfile/kernelsysctlfile/hostnamekernelsysctlfile.cil
new file mode 100644
index 0000000..d4a8ca6
--- /dev/null
+++ b/src/sys/procfile/sysctlfile/kernelsysctlfile/hostnamekernelsysctlfile.cil
@@ -0,0 +1,8 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block hostname
+
+ (genfscon "proc" "/sys/kernel/hostname" sysctlfile_context)
+
+ (blockinherit .sysctlfile.kernel.template))
diff --git a/src/sys/procfile/sysctlfile/kernelsysctlfile/keyskernelsysctlfile.cil b/src/sys/procfile/sysctlfile/kernelsysctlfile/keyskernelsysctlfile.cil
new file mode 100644
index 0000000..f65c9db
--- /dev/null
+++ b/src/sys/procfile/sysctlfile/kernelsysctlfile/keyskernelsysctlfile.cil
@@ -0,0 +1,9 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(in keys
+
+ (genfscon "proc" "/sys/kernel/keys" sysctlfile_context)
+
+ (blockinherit .sysctlfile.kernel.template)
+ (blockinherit .sysctlfile.macro_template_dirs))
diff --git a/src/sys/procfile/sysctlfile/kernelsysctlfile/modprobekernelsysctlfile.cil b/src/sys/procfile/sysctlfile/kernelsysctlfile/modprobekernelsysctlfile.cil
new file mode 100644
index 0000000..7928e56
--- /dev/null
+++ b/src/sys/procfile/sysctlfile/kernelsysctlfile/modprobekernelsysctlfile.cil
@@ -0,0 +1,8 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block modprobe
+
+ (genfscon "proc" "/sys/kernel/modprobe" sysctlfile_context)
+
+ (blockinherit .sysctlfile.kernel.template))
diff --git a/src/sys/procfile/sysctlfile/kernelsysctlfile/nslastpidkernelsysctlfile.cil b/src/sys/procfile/sysctlfile/kernelsysctlfile/nslastpidkernelsysctlfile.cil
new file mode 100644
index 0000000..b39aa80
--- /dev/null
+++ b/src/sys/procfile/sysctlfile/kernelsysctlfile/nslastpidkernelsysctlfile.cil
@@ -0,0 +1,8 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block nslastpid
+
+ (genfscon "proc" "/sys/kernel/ns_last_pid" sysctlfile_context)
+
+ (blockinherit .sysctlfile.kernel.template))
diff --git a/src/sys/procfile/sysctlfile/kernelsysctlfile/osreleasekernelsysctlfile.cil b/src/sys/procfile/sysctlfile/kernelsysctlfile/osreleasekernelsysctlfile.cil
new file mode 100644
index 0000000..9eab507
--- /dev/null
+++ b/src/sys/procfile/sysctlfile/kernelsysctlfile/osreleasekernelsysctlfile.cil
@@ -0,0 +1,8 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block osrelease
+
+ (genfscon "proc" "/sys/kernel/osrelease" sysctlfile_context)
+
+ (blockinherit .sysctlfile.kernel.template))
diff --git a/src/sys/procfile/sysctlfile/kernelsysctlfile/overflowuidkernelsysctlfile.cil b/src/sys/procfile/sysctlfile/kernelsysctlfile/overflowuidkernelsysctlfile.cil
new file mode 100644
index 0000000..4517c76
--- /dev/null
+++ b/src/sys/procfile/sysctlfile/kernelsysctlfile/overflowuidkernelsysctlfile.cil
@@ -0,0 +1,9 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block overflowuid
+
+ (genfscon "proc" "/sys/kernel/overflowgid" sysctlfile_context)
+ (genfscon "proc" "/sys/kernel/overflowuid" sysctlfile_context)
+
+ (blockinherit .sysctlfile.kernel.template))
diff --git a/src/sys/procfile/sysctlfile/kernelsysctlfile/pidmaxkernelsysctlfile.cil b/src/sys/procfile/sysctlfile/kernelsysctlfile/pidmaxkernelsysctlfile.cil
new file mode 100644
index 0000000..168e06a
--- /dev/null
+++ b/src/sys/procfile/sysctlfile/kernelsysctlfile/pidmaxkernelsysctlfile.cil
@@ -0,0 +1,8 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block pidmax
+
+ (genfscon "proc" "/sys/kernel/pid_max" sysctlfile_context)
+
+ (blockinherit .sysctlfile.kernel.template))
diff --git a/src/sys/procfile/sysctlfile/kernelsysctlfile/poweroffcmdkernelsysctlfile.cil b/src/sys/procfile/sysctlfile/kernelsysctlfile/poweroffcmdkernelsysctlfile.cil
new file mode 100644
index 0000000..bf5e36b
--- /dev/null
+++ b/src/sys/procfile/sysctlfile/kernelsysctlfile/poweroffcmdkernelsysctlfile.cil
@@ -0,0 +1,8 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block poweroffcmd
+
+ (genfscon "proc" "/sys/kernel/poweroff_cmd" sysctlfile_context)
+
+ (blockinherit .sysctlfile.kernel.template))
diff --git a/src/sys/procfile/sysctlfile/kernelsysctlfile/ptykernelsysctlfile.cil b/src/sys/procfile/sysctlfile/kernelsysctlfile/ptykernelsysctlfile.cil
new file mode 100644
index 0000000..bc96692
--- /dev/null
+++ b/src/sys/procfile/sysctlfile/kernelsysctlfile/ptykernelsysctlfile.cil
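Review bot: The `overflowuid` block in overflowuidkernelsysctlfile.cil also labels `/sys/kernel/overflowgid`, which neither the block name nor the file name suggests. If sharing one type between the two sysctls is intended, say so above the first genfscon, e.g. `;; overflowgid deliberately shares the overflowuid type`, so that a search for overflowgid lands on an explanation rather than on an apparently misplaced entry.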
@@ -0,0 +1,9 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block pty
+
+ (genfscon "proc" "/sys/kernel/pty" sysctlfile_context)
+
+ (blockinherit .sysctlfile.kernel.template)
+ (blockinherit .sysctlfile.macro_template_dirs))
diff --git a/src/sys/procfile/sysctlfile/kernelsysctlfile/randomkernelsysctlfile.cil b/src/sys/procfile/sysctlfile/kernelsysctlfile/randomkernelsysctlfile.cil
new file mode 100644
index 0000000..493ed6f
--- /dev/null
+++ b/src/sys/procfile/sysctlfile/kernelsysctlfile/randomkernelsysctlfile.cil
@@ -0,0 +1,13 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(in kernel
+
+ (genfscon "proc" "/sys/kernel/randomize_va_space" sysctlfile_context))
+
+(in random
+
+ (genfscon "proc" "/sys/kernel/random" sysctlfile_context)
+
+ (blockinherit .sysctlfile.kernel.template)
+ (blockinherit .sysctlfile.macro_template_dirs))
diff --git a/src/sys/procfile/sysctlfile/kernelsysctlfile/seccompkernelsysctlfile.cil b/src/sys/procfile/sysctlfile/kernelsysctlfile/seccompkernelsysctlfile.cil
new file mode 100644
index 0000000..b9f2878
--- /dev/null
+++ b/src/sys/procfile/sysctlfile/kernelsysctlfile/seccompkernelsysctlfile.cil
@@ -0,0 +1,9 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block seccomp
+
+ (genfscon "proc" "/sys/kernel/seccomp" sysctlfile_context)
+
+ (blockinherit .sysctlfile.kernel.template)
+ (blockinherit .sysctlfile.macro_template_dirs))
diff --git a/src/sys/procfile/sysctlfile/kernelsysctlfile/threadsmaxkernelsysctlfile.cil b/src/sys/procfile/sysctlfile/kernelsysctlfile/threadsmaxkernelsysctlfile.cil
new file mode 100644
index 0000000..5d31bf8
--- /dev/null
+++ b/src/sys/procfile/sysctlfile/kernelsysctlfile/threadsmaxkernelsysctlfile.cil
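Review bot: The `(in kernel` statement in randomkernelsysctlfile.cil is missing a comment saying why `randomize_va_space` is labelled from the file that handles `/sys/kernel/random`. genfscon paths are matched as plain string prefixes, so without the longer entry `/sys/kernel/random` would also claim `/sys/kernel/randomize_va_space`, and the ASLR switch would pick up the type meant for the RNG sysctl directory; presumably that is what the extra entry prevents. Suggested comment: `;; "/sys/kernel/random" is a string prefix of "/sys/kernel/randomize_va_space"; pin the latter to the generic kernel sysctl type`. Both blocks are extended with `in`, so they are declared elsewhere: `kernel` in kernelsysctlfile.cil of this commit, `random` outside the part of the diff shown here.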
@@ -0,0 +1,8 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block threadsmax
+
+ (genfscon "proc" "/sys/kernel/threads-max" sysctlfile_context)
+
+ (blockinherit .sysctlfile.kernel.template))
diff --git a/src/sys/procfile/sysctlfile/kernelsysctlfile/usermodehelperkernelsysctlfile.cil b/src/sys/procfile/sysctlfile/kernelsysctlfile/usermodehelperkernelsysctlfile.cil
new file mode 100644
index 0000000..e848922
--- /dev/null
+++ b/src/sys/procfile/sysctlfile/kernelsysctlfile/usermodehelperkernelsysctlfile.cil
@@ -0,0 +1,9 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block usermodehelper
+
+ (genfscon "proc" "/sys/kernel/usermodehelper" sysctlfile_context)
+
+ (blockinherit .sysctlfile.kernel.template)
+ (blockinherit .sysctlfile.macro_template_dirs))
diff --git a/src/sys/procfile/sysctlfile/kernelsysctlfile/yamakernelsysctlfile.cil b/src/sys/procfile/sysctlfile/kernelsysctlfile/yamakernelsysctlfile.cil
new file mode 100644
index 0000000..a958a40
--- /dev/null
+++ b/src/sys/procfile/sysctlfile/kernelsysctlfile/yamakernelsysctlfile.cil
@@ -0,0 +1,9 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block yama
+
+ (genfscon "proc" "/sys/kernel/yama" sysctlfile_context)
+
+ (blockinherit .sysctlfile.kernel.template)
+ (blockinherit .sysctlfile.macro_template_dirs))
diff --git a/src/sys/procfile/sysctlfile/netsysctlfile.cil b/src/sys/procfile/sysctlfile/netsysctlfile.cil
new file mode 100644
index 0000000..1917846
--- /dev/null
+++ b/src/sys/procfile/sysctlfile/netsysctlfile.cil
@@ -0,0 +1,38 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(in net
+
+ (genfscon "proc" "/sys/net" sysctlfile_context)
+
+ (blockinherit .sysctlfile.macro_template_dirs)
+ (blockinherit .sysctlfile.net.template))
+
+(in sysctlfile
+
+ (block net
+
+ (macro type ((type ARG1))
+ (typeattributeset typeattr ARG1))
+
+ (typeattribute typeattr)
+
+ (blockinherit .file.all_macro_template_dirs)
+ (blockinherit .file.all_macro_template_files)
+
+ (call .sysctlfile.type (typeattr))
+
+ (block base_template
+
+ (blockabstract base_template)
+
+ (blockinherit .sysctlfile.base_template)
+
+ (call .sysctlfile.net.type (sysctlfile)))
+
+ (block template
+
+ (blockabstract template)
+
+ (blockinherit .sysctlfile.net.base_template)
+ (blockinherit .sysctlfile.macro_template_files))))
diff --git a/src/sys/procfile/sysctlfile/netsysctlfile/corenetsysctlfile.cil b/src/sys/procfile/sysctlfile/netsysctlfile/corenetsysctlfile.cil
new file mode 100644
index 0000000..432152a
--- /dev/null
+++ b/src/sys/procfile/sysctlfile/netsysctlfile/corenetsysctlfile.cil
@@ -0,0 +1,9 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block core
+
+ (genfscon "proc" "/sys/net/core" sysctlfile_context)
+
+ (blockinherit .sysctlfile.macro_template_dirs)
+ (blockinherit .sysctlfile.net.template))
diff --git a/src/sys/procfile/sysctlfile/netsysctlfile/ipv4netsysctlfile.cil b/src/sys/procfile/sysctlfile/netsysctlfile/ipv4netsysctlfile.cil
new file mode 100644
index 0000000..02cc2de
--- /dev/null
+++ b/src/sys/procfile/sysctlfile/netsysctlfile/ipv4netsysctlfile.cil
@@ -0,0 +1,9 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block ipv4
+
+ (genfscon "proc" "/sys/net/ipv4" sysctlfile_context)
+
+ (blockinherit .sysctlfile.macro_template_dirs)
+ (blockinherit .sysctlfile.net.template))
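Review bot: In netsysctlfile.cil the `template` block lists `.sysctlfile.net.base_template` before `.sysctlfile.macro_template_files`, while the top-level `(in net` block of the same file and the `template` block in sunrpcsysctlfile.cil keep their inherits in alphabetical order. The order probably makes no difference to the compiled policy, but a single convention keeps the ten near-identical files diffable against each other. Swapping the two lines here, and likewise in the `template` blocks of usersysctlfile.cil and vmsysctlfile.cil, would settle it.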
diff --git a/src/sys/procfile/sysctlfile/netsysctlfile/ipv6netsysctlfile.cil b/src/sys/procfile/sysctlfile/netsysctlfile/ipv6netsysctlfile.cil
new file mode 100644
index 0000000..3aae3b9
--- /dev/null
+++ b/src/sys/procfile/sysctlfile/netsysctlfile/ipv6netsysctlfile.cil
@@ -0,0 +1,9 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block ipv6
+
+ (genfscon "proc" "/sys/net/ipv6" sysctlfile_context)
+
+ (blockinherit .sysctlfile.macro_template_dirs)
+ (blockinherit .sysctlfile.net.template))
diff --git a/src/sys/procfile/sysctlfile/netsysctlfile/mptcpnetsysctlfile.cil b/src/sys/procfile/sysctlfile/netsysctlfile/mptcpnetsysctlfile.cil
new file mode 100644
index 0000000..0668458
--- /dev/null
+++ b/src/sys/procfile/sysctlfile/netsysctlfile/mptcpnetsysctlfile.cil
@@ -0,0 +1,9 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block mptcp
+
+ (genfscon "proc" "/sys/net/mptcp" sysctlfile_context)
+
+ (blockinherit .sysctlfile.macro_template_dirs)
+ (blockinherit .sysctlfile.net.template))
diff --git a/src/sys/procfile/sysctlfile/netsysctlfile/netfilternetsysctlfile.cil b/src/sys/procfile/sysctlfile/netsysctlfile/netfilternetsysctlfile.cil
new file mode 100644
index 0000000..d4ba916
--- /dev/null
+++ b/src/sys/procfile/sysctlfile/netsysctlfile/netfilternetsysctlfile.cil
@@ -0,0 +1,9 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block netfilter
+
+ (genfscon "proc" "/sys/net/netfilter" sysctlfile_context)
+
+ (blockinherit .sysctlfile.macro_template_dirs)
+ (blockinherit .sysctlfile.net.template))
diff --git a/src/sys/procfile/sysctlfile/netsysctlfile/unixnetsysctlfile.cil b/src/sys/procfile/sysctlfile/netsysctlfile/unixnetsysctlfile.cil
new file mode 100644
index 0000000..bd60a46
--- /dev/null
+++ b/src/sys/procfile/sysctlfile/netsysctlfile/unixnetsysctlfile.cil
@@ -0,0 +1,9 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block unix
+
+ (genfscon "proc" "/sys/net/unix" sysctlfile_context)
+
+ (blockinherit .sysctlfile.macro_template_dirs)
+ (blockinherit .sysctlfile.net.template))
diff --git a/src/sys/procfile/sysctlfile/sunrpcsysctlfile.cil b/src/sys/procfile/sysctlfile/sunrpcsysctlfile.cil
new file mode 100644
index 0000000..1b297b7
--- /dev/null
+++ b/src/sys/procfile/sysctlfile/sunrpcsysctlfile.cil
@@ -0,0 +1,38 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block sunrpc
+
+ (genfscon "proc" "/sys/sunrpc" sysctlfile_context)
+
+ (blockinherit .sysctlfile.macro_template_dirs)
+ (blockinherit .sysctlfile.sunrpc.template))
+
+(in sysctlfile
+
+ (block sunrpc
+
+ (macro type ((type ARG1))
+ (typeattributeset typeattr ARG1))
+
+ (typeattribute typeattr)
+
+ (blockinherit .file.all_macro_template_dirs)
+ (blockinherit .file.all_macro_template_files)
+
+ (call .sysctlfile.type (typeattr))
+
+ (block base_template
+
+ (blockabstract base_template)
+
+ (blockinherit .sysctlfile.base_template)
+
+ (call .sysctlfile.sunrpc.type (sysctlfile)))
+
+ (block template
+
+ (blockabstract template)
+
+ (blockinherit .sysctlfile.macro_template_files)
+ (blockinherit .sysctlfile.sunrpc.base_template))))
diff --git a/src/sys/procfile/sysctlfile/usersysctlfile.cil b/src/sys/procfile/sysctlfile/usersysctlfile.cil
new file mode 100644
index 0000000..4b04c86
--- /dev/null
+++ b/src/sys/procfile/sysctlfile/usersysctlfile.cil
@@ -0,0 +1,38 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block user
+
+ (genfscon "proc" "/sys/user" sysctlfile_context)
+
+ (blockinherit .sysctlfile.macro_template_dirs)
+ (blockinherit .sysctlfile.user.template))
+
+(in sysctlfile
+
+ (block user
+
+ (macro type ((type ARG1))
+ (typeattributeset typeattr ARG1))
+
+ (typeattribute typeattr)
+
+ (blockinherit .file.all_macro_template_dirs)
+ (blockinherit .file.all_macro_template_files)
+
+ (call .sysctlfile.type (typeattr))
+
+ (block base_template
+
+ (blockabstract base_template)
+
+ (blockinherit .sysctlfile.base_template)
+
+ (call .sysctlfile.user.type (sysctlfile)))
+
+ (block template
+
+ (blockabstract template)
+
+ (blockinherit .sysctlfile.user.base_template)
+ (blockinherit .sysctlfile.macro_template_files))))
diff --git a/src/sys/procfile/sysctlfile/vmsysctlfile.cil b/src/sys/procfile/sysctlfile/vmsysctlfile.cil
new file mode 100644
index 0000000..b88afd2
--- /dev/null
+++ b/src/sys/procfile/sysctlfile/vmsysctlfile.cil
@@ -0,0 +1,38 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block vm
+
+ (genfscon "proc" "/sys/vm" sysctlfile_context)
+
+ (blockinherit .sysctlfile.macro_template_dirs)
+ (blockinherit .sysctlfile.vm.template))
+
+(in sysctlfile
+
+ (block vm
+
+ (macro type ((type ARG1))
+ (typeattributeset typeattr ARG1))
+
+ (typeattribute typeattr)
+
+ (blockinherit .file.all_macro_template_dirs)
+ (blockinherit .file.all_macro_template_files)
+
+ (call .sysctlfile.type (typeattr))
+
+ (block base_template
+
+ (blockabstract base_template)
+
+ (blockinherit .sysctlfile.base_template)
+
+ (call .sysctlfile.vm.type (sysctlfile)))
+
+ (block template
+
+ (blockabstract template)
+
+ (blockinherit .sysctlfile.vm.base_template)
+ (blockinherit .sysctlfile.macro_template_files))))
diff --git a/src/sys/procfile/sysctlfile/vmsysctlfile/overcommitmemoryvmsysctlfile.cil b/src/sys/procfile/sysctlfile/vmsysctlfile/overcommitmemoryvmsysctlfile.cil
new file mode 100644
index 0000000..2ecb737
--- /dev/null
+++ b/src/sys/procfile/sysctlfile/vmsysctlfile/overcommitmemoryvmsysctlfile.cil
@@ -0,0 +1,8 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block overcommitmemory
+
+ (genfscon "proc" "/sys/vm/overcommit_memory" sysctlfile_context)
+
+ (blockinherit .sysctlfile.vm.template)) |