authorDominick Grift <dominick.grift@defensec.nl>2023-08-20 15:44:41 +0200
committerDominick Grift <dominick.grift@defensec.nl>2023-08-20 15:46:23 +0200
commit0c187b6ff97f91c41dab65a6426dc61f77305cdf (patch)
tree1e35f5851154500a8a39428a45a5671f9488e1da /src/sys/procfile
Import dssp5
Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
Diffstat (limited to 'src/sys/procfile')
-rw-r--r--src/sys/procfile/acpiprocfile.cil9
-rw-r--r--src/sys/procfile/asoundprocfile.cil9
-rw-r--r--src/sys/procfile/bootconfigprocfile.cil8
-rw-r--r--src/sys/procfile/buddyinfoprocfile.cil8
-rw-r--r--src/sys/procfile/busprocfile.cil9
-rw-r--r--src/sys/procfile/cgroupsprocfile.cil8
-rw-r--r--src/sys/procfile/cmdlineprocfile.cil8
-rw-r--r--src/sys/procfile/consolesprocfile.cil8
-rw-r--r--src/sys/procfile/cpuinfoprocfile.cil8
-rw-r--r--src/sys/procfile/cpuprocfile.cil9
-rw-r--r--src/sys/procfile/cryptoprocfile.cil8
-rw-r--r--src/sys/procfile/devicesprocfile.cil8
-rw-r--r--src/sys/procfile/diskstatsprocfile.cil8
-rw-r--r--src/sys/procfile/dmaprocfile.cil8
-rw-r--r--src/sys/procfile/driverprocfile.cil9
-rw-r--r--src/sys/procfile/dynamicdebugprocfile.cil9
-rw-r--r--src/sys/procfile/execdomainsprocfile.cil8
-rw-r--r--src/sys/procfile/fbprocfile.cil8
-rw-r--r--src/sys/procfile/filesystemsprocfile.cil8
-rw-r--r--src/sys/procfile/fsprocfile.cil9
-rw-r--r--src/sys/procfile/interruptsprocfile.cil8
-rw-r--r--src/sys/procfile/iomemprocfile.cil8
-rw-r--r--src/sys/procfile/ioportsprocfile.cil8
-rw-r--r--src/sys/procfile/irqprocfile.cil9
-rw-r--r--src/sys/procfile/jffs2bbcprocfile.cil8
-rw-r--r--src/sys/procfile/kallsymsprocfile.cil8
-rw-r--r--src/sys/procfile/kcoreprocfile.cil48
-rw-r--r--src/sys/procfile/keysprocfile.cil8
-rw-r--r--src/sys/procfile/keyusersprocfile.cil8
-rw-r--r--src/sys/procfile/kmsgprocfile.cil8
-rw-r--r--src/sys/procfile/kpagecgroupprocfile.cil8
-rw-r--r--src/sys/procfile/kpagecountprocfile.cil8
-rw-r--r--src/sys/procfile/kpageflagsprocfile.cil8
-rw-r--r--src/sys/procfile/latencystatsprocfile.cil8
-rw-r--r--src/sys/procfile/loadavgprocfile.cil8
-rw-r--r--src/sys/procfile/lockdepchainsprocfile.cil8
-rw-r--r--src/sys/procfile/lockdepprocfile.cil8
-rw-r--r--src/sys/procfile/lockdepstatsprocfile.cil8
-rw-r--r--src/sys/procfile/locksprocfile.cil8
-rw-r--r--src/sys/procfile/lockstatprocfile.cil8
-rw-r--r--src/sys/procfile/mdstatprocfile.cil8
-rw-r--r--src/sys/procfile/meminfoprocfile.cil8
-rw-r--r--src/sys/procfile/miscprocfile.cil8
-rw-r--r--src/sys/procfile/modulesprocfile.cil8
-rw-r--r--src/sys/procfile/mptprocfile.cil8
-rw-r--r--src/sys/procfile/mtdprocfile.cil8
-rw-r--r--src/sys/procfile/mtrrprocfile.cil8
-rw-r--r--src/sys/procfile/netprocfile.cil10
-rw-r--r--src/sys/procfile/pagetypeinfoprocfile.cil8
-rw-r--r--src/sys/procfile/partitionsprocfile.cil8
-rw-r--r--src/sys/procfile/pressureprocfile.cil9
-rw-r--r--src/sys/procfile/scheddebugprocfile.cil8
-rw-r--r--src/sys/procfile/schedstatprocfile.cil8
-rw-r--r--src/sys/procfile/scsiprocfile.cil9
-rw-r--r--src/sys/procfile/slabinfoprocfile.cil8
-rw-r--r--src/sys/procfile/softirqsprocfile.cil8
-rw-r--r--src/sys/procfile/statprocfile.cil8
-rw-r--r--src/sys/procfile/swapsprocfile.cil8
-rw-r--r--src/sys/procfile/sysctlfile.cil138
-rw-r--r--src/sys/procfile/sysctlfile/abisysctlfile.cil38
-rw-r--r--src/sys/procfile/sysctlfile/cryptosysctlfile.cil38
-rw-r--r--src/sys/procfile/sysctlfile/debugsysctlfile.cil38
-rw-r--r--src/sys/procfile/sysctlfile/devsysctlfile.cil38
-rw-r--r--src/sys/procfile/sysctlfile/fssysctlfile.cil38
-rw-r--r--src/sys/procfile/sysctlfile/kernelsysctlfile.cil38
-rw-r--r--src/sys/procfile/sysctlfile/kernelsysctlfile/caplastcapkernelsysctlfile.cil8
-rw-r--r--src/sys/procfile/sysctlfile/kernelsysctlfile/corepatternkernelsysctlfile.cil8
-rw-r--r--src/sys/procfile/sysctlfile/kernelsysctlfile/corepipelimitkernelsysctlfile.cil8
-rw-r--r--src/sys/procfile/sysctlfile/kernelsysctlfile/firmwareconfigkernelsysctlfile.cil9
-rw-r--r--src/sys/procfile/sysctlfile/kernelsysctlfile/hostnamekernelsysctlfile.cil8
-rw-r--r--src/sys/procfile/sysctlfile/kernelsysctlfile/keyskernelsysctlfile.cil9
-rw-r--r--src/sys/procfile/sysctlfile/kernelsysctlfile/modprobekernelsysctlfile.cil8
-rw-r--r--src/sys/procfile/sysctlfile/kernelsysctlfile/nslastpidkernelsysctlfile.cil8
-rw-r--r--src/sys/procfile/sysctlfile/kernelsysctlfile/osreleasekernelsysctlfile.cil8
-rw-r--r--src/sys/procfile/sysctlfile/kernelsysctlfile/overflowuidkernelsysctlfile.cil9
-rw-r--r--src/sys/procfile/sysctlfile/kernelsysctlfile/pidmaxkernelsysctlfile.cil8
-rw-r--r--src/sys/procfile/sysctlfile/kernelsysctlfile/poweroffcmdkernelsysctlfile.cil8
-rw-r--r--src/sys/procfile/sysctlfile/kernelsysctlfile/ptykernelsysctlfile.cil9
-rw-r--r--src/sys/procfile/sysctlfile/kernelsysctlfile/randomkernelsysctlfile.cil13
-rw-r--r--src/sys/procfile/sysctlfile/kernelsysctlfile/seccompkernelsysctlfile.cil9
-rw-r--r--src/sys/procfile/sysctlfile/kernelsysctlfile/threadsmaxkernelsysctlfile.cil8
-rw-r--r--src/sys/procfile/sysctlfile/kernelsysctlfile/usermodehelperkernelsysctlfile.cil9
-rw-r--r--src/sys/procfile/sysctlfile/kernelsysctlfile/yamakernelsysctlfile.cil9
-rw-r--r--src/sys/procfile/sysctlfile/netsysctlfile.cil38
-rw-r--r--src/sys/procfile/sysctlfile/netsysctlfile/corenetsysctlfile.cil9
-rw-r--r--src/sys/procfile/sysctlfile/netsysctlfile/ipv4netsysctlfile.cil9
-rw-r--r--src/sys/procfile/sysctlfile/netsysctlfile/ipv6netsysctlfile.cil9
-rw-r--r--src/sys/procfile/sysctlfile/netsysctlfile/mptcpnetsysctlfile.cil9
-rw-r--r--src/sys/procfile/sysctlfile/netsysctlfile/netfilternetsysctlfile.cil9
-rw-r--r--src/sys/procfile/sysctlfile/netsysctlfile/unixnetsysctlfile.cil9
-rw-r--r--src/sys/procfile/sysctlfile/sunrpcsysctlfile.cil38
-rw-r--r--src/sys/procfile/sysctlfile/usersysctlfile.cil38
-rw-r--r--src/sys/procfile/sysctlfile/vmsysctlfile.cil38
-rw-r--r--src/sys/procfile/sysctlfile/vmsysctlfile/overcommitmemoryvmsysctlfile.cil8
-rw-r--r--src/sys/procfile/sysctlprocfile.cil9
-rw-r--r--src/sys/procfile/sysrqtriggerprocfile.cil8
-rw-r--r--src/sys/procfile/sysvipcprocfile.cil9
-rw-r--r--src/sys/procfile/timerlistprocfile.cil8
-rw-r--r--src/sys/procfile/ttyprocfile.cil9
-rw-r--r--src/sys/procfile/uptimeprocfile.cil8
-rw-r--r--src/sys/procfile/versionprocfile.cil8
-rw-r--r--src/sys/procfile/vmallocprocfile.cil8
-rw-r--r--src/sys/procfile/vmstatprocfile.cil8
-rw-r--r--src/sys/procfile/zoneinfoprocfile.cil8
104 files changed, 1335 insertions, 0 deletions
diff --git a/src/sys/procfile/acpiprocfile.cil b/src/sys/procfile/acpiprocfile.cil
new file mode 100644
index 0000000..ce00061
--- /dev/null
+++ b/src/sys/procfile/acpiprocfile.cil
@@ -0,0 +1,9 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block acpi
+
+ (genfscon "proc" "/acpi" procfile_context)
+
+ (blockinherit .procfile.macro_template_dirs)
+ (blockinherit .procfile.template))
diff --git a/src/sys/procfile/asoundprocfile.cil b/src/sys/procfile/asoundprocfile.cil
new file mode 100644
index 0000000..1b6342b
--- /dev/null
+++ b/src/sys/procfile/asoundprocfile.cil
@@ -0,0 +1,9 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block asound
+
+ (genfscon "proc" "/asound" procfile_context)
+
+ (blockinherit .procfile.macro_template_dirs)
+ (blockinherit .procfile.template))
diff --git a/src/sys/procfile/bootconfigprocfile.cil b/src/sys/procfile/bootconfigprocfile.cil
new file mode 100644
index 0000000..695b76f
--- /dev/null
+++ b/src/sys/procfile/bootconfigprocfile.cil
@@ -0,0 +1,8 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block bootconfig
+
+ (genfscon "proc" "/bootconfig" procfile_context)
+
+ (blockinherit .procfile.template))
diff --git a/src/sys/procfile/buddyinfoprocfile.cil b/src/sys/procfile/buddyinfoprocfile.cil
new file mode 100644
index 0000000..0cdf4f9
--- /dev/null
+++ b/src/sys/procfile/buddyinfoprocfile.cil
@@ -0,0 +1,8 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block buddyinfo
+
+ (genfscon "proc" "/buddyinfo" procfile_context)
+
+ (blockinherit .procfile.template))
diff --git a/src/sys/procfile/busprocfile.cil b/src/sys/procfile/busprocfile.cil
new file mode 100644
index 0000000..04a16b9
--- /dev/null
+++ b/src/sys/procfile/busprocfile.cil
@@ -0,0 +1,9 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(in bus
+
+ (genfscon "proc" "/bus" procfile_context)
+
+ (blockinherit .procfile.macro_template_dirs)
+ (blockinherit .procfile.template))
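Review bot: `(in bus` extends a block that this file does not declare, so the policy only compiles when some other module defines `bus`. The same holds for the `in` forms in cpuprocfile.cil, cryptoprocfile.cil, devicesprocfile.cil, fbprocfile.cil, fsprocfile.cil, kmsgprocfile.cil, mtdprocfile.cil and netprocfile.cil. None of those declarations is visible in this diff. A one-line comment naming the declaring file, for example `;; block bus is declared in <path to declaring .cil>`, would make the dependency explicit and explain why these nine files differ from the `(block …)` ones.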
diff --git a/src/sys/procfile/cgroupsprocfile.cil b/src/sys/procfile/cgroupsprocfile.cil
new file mode 100644
index 0000000..71a8153
--- /dev/null
+++ b/src/sys/procfile/cgroupsprocfile.cil
@@ -0,0 +1,8 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block cgroups
+
+ (genfscon "proc" "/cgroups" procfile_context)
+
+ (blockinherit .procfile.template))
diff --git a/src/sys/procfile/cmdlineprocfile.cil b/src/sys/procfile/cmdlineprocfile.cil
new file mode 100644
index 0000000..92e7081
--- /dev/null
+++ b/src/sys/procfile/cmdlineprocfile.cil
@@ -0,0 +1,8 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block cmdline
+
+ (genfscon "proc" "/cmdline" procfile_context)
+
+ (blockinherit .procfile.template))
diff --git a/src/sys/procfile/consolesprocfile.cil b/src/sys/procfile/consolesprocfile.cil
new file mode 100644
index 0000000..61d9689
--- /dev/null
+++ b/src/sys/procfile/consolesprocfile.cil
@@ -0,0 +1,8 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block consoles
+
+ (genfscon "proc" "/consoles" procfile_context)
+
+ (blockinherit .procfile.template))
diff --git a/src/sys/procfile/cpuinfoprocfile.cil b/src/sys/procfile/cpuinfoprocfile.cil
new file mode 100644
index 0000000..1afb35d
--- /dev/null
+++ b/src/sys/procfile/cpuinfoprocfile.cil
@@ -0,0 +1,8 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block cpuinfo
+
+ (genfscon "proc" "/cpuinfo" procfile_context)
+
+ (blockinherit .procfile.template))
diff --git a/src/sys/procfile/cpuprocfile.cil b/src/sys/procfile/cpuprocfile.cil
new file mode 100644
index 0000000..96b54e5
--- /dev/null
+++ b/src/sys/procfile/cpuprocfile.cil
@@ -0,0 +1,9 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(in cpu
+
+ (genfscon "proc" "/cpu" procfile_context)
+
+ (blockinherit .procfile.macro_template_dirs)
+ (blockinherit .procfile.template))
diff --git a/src/sys/procfile/cryptoprocfile.cil b/src/sys/procfile/cryptoprocfile.cil
new file mode 100644
index 0000000..711842a
--- /dev/null
+++ b/src/sys/procfile/cryptoprocfile.cil
@@ -0,0 +1,8 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(in crypto
+
+ (genfscon "proc" "/crypto" procfile_context)
+
+ (blockinherit .procfile.template))
diff --git a/src/sys/procfile/devicesprocfile.cil b/src/sys/procfile/devicesprocfile.cil
new file mode 100644
index 0000000..83d417f
--- /dev/null
+++ b/src/sys/procfile/devicesprocfile.cil
@@ -0,0 +1,8 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(in devices
+
+ (genfscon "proc" "/devices" procfile_context)
+
+ (blockinherit .procfile.template))
diff --git a/src/sys/procfile/diskstatsprocfile.cil b/src/sys/procfile/diskstatsprocfile.cil
new file mode 100644
index 0000000..91e750b
--- /dev/null
+++ b/src/sys/procfile/diskstatsprocfile.cil
@@ -0,0 +1,8 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block diskstats
+
+ (genfscon "proc" "/diskstats" procfile_context)
+
+ (blockinherit .procfile.template))
diff --git a/src/sys/procfile/dmaprocfile.cil b/src/sys/procfile/dmaprocfile.cil
new file mode 100644
index 0000000..3403e9b
--- /dev/null
+++ b/src/sys/procfile/dmaprocfile.cil
@@ -0,0 +1,8 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block dma
+
+ (genfscon "proc" "/dma" procfile_context)
+
+ (blockinherit .procfile.template))
diff --git a/src/sys/procfile/driverprocfile.cil b/src/sys/procfile/driverprocfile.cil
new file mode 100644
index 0000000..532d389
--- /dev/null
+++ b/src/sys/procfile/driverprocfile.cil
@@ -0,0 +1,9 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block driver
+
+ (genfscon "proc" "/driver" procfile_context)
+
+ (blockinherit .procfile.macro_template_dirs)
+ (blockinherit .procfile.template))
diff --git a/src/sys/procfile/dynamicdebugprocfile.cil b/src/sys/procfile/dynamicdebugprocfile.cil
new file mode 100644
index 0000000..a811c2d
--- /dev/null
+++ b/src/sys/procfile/dynamicdebugprocfile.cil
@@ -0,0 +1,9 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block dynamicdebug
+
+ (genfscon "proc" "/dynamic_debug" procfile_context)
+
+ (blockinherit .procfile.macro_template_dirs)
+ (blockinherit .procfile.base_template))
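Review bot: `(blockinherit .procfile.base_template)` on the last line makes `dynamicdebug` the only block in the visible part of this commit that inherits `base_template` rather than `.procfile.template`, and nothing says why. The templates are defined outside this diff, so it is only a guess that `base_template` leaves out the file-access macros; that would matter because `/proc/dynamic_debug/control` is a file under this genfscon prefix. If the difference is deliberate, a comment above the line such as `;; base_template on purpose: <reason>` would document it. If it is not, the block probably wants `.procfile.template` like `acpi` or `driver`.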
diff --git a/src/sys/procfile/execdomainsprocfile.cil b/src/sys/procfile/execdomainsprocfile.cil
new file mode 100644
index 0000000..177f33a
--- /dev/null
+++ b/src/sys/procfile/execdomainsprocfile.cil
@@ -0,0 +1,8 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block execdomains
+
+ (genfscon "proc" "/execdomains" procfile_context)
+
+ (blockinherit .procfile.template))
diff --git a/src/sys/procfile/fbprocfile.cil b/src/sys/procfile/fbprocfile.cil
new file mode 100644
index 0000000..9f7e75b
--- /dev/null
+++ b/src/sys/procfile/fbprocfile.cil
@@ -0,0 +1,8 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(in fb
+
+ (genfscon "proc" "/fb" procfile_context)
+
+ (blockinherit .procfile.template))
diff --git a/src/sys/procfile/filesystemsprocfile.cil b/src/sys/procfile/filesystemsprocfile.cil
new file mode 100644
index 0000000..b39c3ed
--- /dev/null
+++ b/src/sys/procfile/filesystemsprocfile.cil
@@ -0,0 +1,8 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block filesystems
+
+ (genfscon "proc" "/filesystems" procfile_context)
+
+ (blockinherit .procfile.template))
diff --git a/src/sys/procfile/fsprocfile.cil b/src/sys/procfile/fsprocfile.cil
new file mode 100644
index 0000000..5b46976
--- /dev/null
+++ b/src/sys/procfile/fsprocfile.cil
@@ -0,0 +1,9 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(in fs
+
+ (genfscon "proc" "/fs" procfile_context)
+
+ (blockinherit .procfile.macro_template_dirs)
+ (blockinherit .procfile.template))
diff --git a/src/sys/procfile/interruptsprocfile.cil b/src/sys/procfile/interruptsprocfile.cil
new file mode 100644
index 0000000..31eccc3
--- /dev/null
+++ b/src/sys/procfile/interruptsprocfile.cil
@@ -0,0 +1,8 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block interrupts
+
+ (genfscon "proc" "/interrupts" procfile_context)
+
+ (blockinherit .procfile.template))
diff --git a/src/sys/procfile/iomemprocfile.cil b/src/sys/procfile/iomemprocfile.cil
new file mode 100644
index 0000000..cc16761
--- /dev/null
+++ b/src/sys/procfile/iomemprocfile.cil
@@ -0,0 +1,8 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block iomem
+
+ (genfscon "proc" "/iomem" procfile_context)
+
+ (blockinherit .procfile.template))
diff --git a/src/sys/procfile/ioportsprocfile.cil b/src/sys/procfile/ioportsprocfile.cil
new file mode 100644
index 0000000..03852ce
--- /dev/null
+++ b/src/sys/procfile/ioportsprocfile.cil
@@ -0,0 +1,8 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block ioports
+
+ (genfscon "proc" "/ioports" procfile_context)
+
+ (blockinherit .procfile.template))
diff --git a/src/sys/procfile/irqprocfile.cil b/src/sys/procfile/irqprocfile.cil
new file mode 100644
index 0000000..fdd4e92
--- /dev/null
+++ b/src/sys/procfile/irqprocfile.cil
@@ -0,0 +1,9 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block irq
+
+ (genfscon "proc" "/irq" procfile_context)
+
+ (blockinherit .procfile.macro_template_dirs)
+ (blockinherit .procfile.template))
diff --git a/src/sys/procfile/jffs2bbcprocfile.cil b/src/sys/procfile/jffs2bbcprocfile.cil
new file mode 100644
index 0000000..7b8d78c
--- /dev/null
+++ b/src/sys/procfile/jffs2bbcprocfile.cil
@@ -0,0 +1,8 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block jffs2bbc
+
+ (genfscon "proc" "/jffs2_bbc" procfile_context)
+
+ (blockinherit .procfile.template))
diff --git a/src/sys/procfile/kallsymsprocfile.cil b/src/sys/procfile/kallsymsprocfile.cil
new file mode 100644
index 0000000..33e3ee1
--- /dev/null
+++ b/src/sys/procfile/kallsymsprocfile.cil
@@ -0,0 +1,8 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block kallsyms
+
+ (genfscon "proc" "/kallsyms" procfile_context)
+
+ (blockinherit .procfile.template))
diff --git a/src/sys/procfile/kcoreprocfile.cil b/src/sys/procfile/kcoreprocfile.cil
new file mode 100644
index 0000000..c367f51
--- /dev/null
+++ b/src/sys/procfile/kcoreprocfile.cil
@@ -0,0 +1,48 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block kcore
+
+ (genfscon "proc" "/kcore" procfile_context)
+
+ (blockinherit .procfile.template)
+
+ (call .procfile.exception.type (procfile))
+
+ (block read
+
+ (macro type ((type ARG1))
+ (typeattributeset typeattr ARG1))
+
+ (typeattribute not_typeattr)
+ (typeattribute typeattr)
+
+ (typeattributeset not_typeattr (not typeattr))
+
+ (neverallow not_typeattr procfile (file (read))))
+
+ (block readwrite
+
+ (macro type ((type ARG1))
+ (typeattributeset typeattr ARG1))
+
+ (typeattribute typeattr)
+
+ (call read.type (typeattr))
+ (call write.type (typeattr)))
+
+ (block write
+
+ (macro type ((type ARG1))
+ (typeattributeset typeattr ARG1))
+
+ (typeattribute not_typeattr)
+ (typeattribute typeattr)
+
+ (typeattributeset not_typeattr (not typeattr))
+
+ (neverallow not_typeattr procfile (file (append write)))))
+
+(in procfile.unconfined
+
+ (call .kcore.readwrite.type (typeattr)))
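Review bot: The two `neverallow` assertions in `kcore.read` and `kcore.write` have no comment saying what they protect or how a type becomes exempt, and the closing `(in procfile.unconfined` stanza exempts that whole attribute from both. /proc/kcore exposes kernel memory, so a header above `(block read` such as `;; /proc/kcore: read and write are asserted away for every type not added via kcore.read.type / kcore.write.type` would help an auditor. The membership of `procfile.unconfined` is defined outside this hunk, so it is worth confirming that only types meant to reach kernel memory end up in it. The assertions name only `read` and `append write` on class `file`; if other permissions are meant to be equally restricted, a comment should say where that is enforced. The purpose of `(call .procfile.exception.type (procfile))` is also not evident from the hunk and deserves a one-line explanation.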
diff --git a/src/sys/procfile/keysprocfile.cil b/src/sys/procfile/keysprocfile.cil
new file mode 100644
index 0000000..a41791c
--- /dev/null
+++ b/src/sys/procfile/keysprocfile.cil
@@ -0,0 +1,8 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block keys
+
+ (genfscon "proc" "/keys" procfile_context)
+
+ (blockinherit .procfile.template))
diff --git a/src/sys/procfile/keyusersprocfile.cil b/src/sys/procfile/keyusersprocfile.cil
new file mode 100644
index 0000000..4c7617b
--- /dev/null
+++ b/src/sys/procfile/keyusersprocfile.cil
@@ -0,0 +1,8 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block keyusers
+
+ (genfscon "proc" "/key-users" procfile_context)
+
+ (blockinherit .procfile.template))
diff --git a/src/sys/procfile/kmsgprocfile.cil b/src/sys/procfile/kmsgprocfile.cil
new file mode 100644
index 0000000..bb5f80e
--- /dev/null
+++ b/src/sys/procfile/kmsgprocfile.cil
@@ -0,0 +1,8 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(in kmsg
+
+ (genfscon "proc" "/kmsg" procfile_context)
+
+ (blockinherit .procfile.template))
diff --git a/src/sys/procfile/kpagecgroupprocfile.cil b/src/sys/procfile/kpagecgroupprocfile.cil
new file mode 100644
index 0000000..45ed0cf
--- /dev/null
+++ b/src/sys/procfile/kpagecgroupprocfile.cil
@@ -0,0 +1,8 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block kpagecgroup
+
+ (genfscon "proc" "/kpagecgroup" procfile_context)
+
+ (blockinherit .procfile.template))
diff --git a/src/sys/procfile/kpagecountprocfile.cil b/src/sys/procfile/kpagecountprocfile.cil
new file mode 100644
index 0000000..cfdfe4b
--- /dev/null
+++ b/src/sys/procfile/kpagecountprocfile.cil
@@ -0,0 +1,8 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block kpagecount
+
+ (genfscon "proc" "/kpagecount" procfile_context)
+
+ (blockinherit .procfile.template))
diff --git a/src/sys/procfile/kpageflagsprocfile.cil b/src/sys/procfile/kpageflagsprocfile.cil
new file mode 100644
index 0000000..10cf173
--- /dev/null
+++ b/src/sys/procfile/kpageflagsprocfile.cil
@@ -0,0 +1,8 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block kpageflags
+
+ (genfscon "proc" "/kpageflags" procfile_context)
+
+ (blockinherit .procfile.template))
diff --git a/src/sys/procfile/latencystatsprocfile.cil b/src/sys/procfile/latencystatsprocfile.cil
new file mode 100644
index 0000000..f195b17
--- /dev/null
+++ b/src/sys/procfile/latencystatsprocfile.cil
@@ -0,0 +1,8 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block latencystats
+
+ (genfscon "proc" "/latency_stats" procfile_context)
+
+ (blockinherit .procfile.template))
diff --git a/src/sys/procfile/loadavgprocfile.cil b/src/sys/procfile/loadavgprocfile.cil
new file mode 100644
index 0000000..9ac128e
--- /dev/null
+++ b/src/sys/procfile/loadavgprocfile.cil
@@ -0,0 +1,8 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block loadavg
+
+ (genfscon "proc" "/loadavg" procfile_context)
+
+ (blockinherit .procfile.template))
diff --git a/src/sys/procfile/lockdepchainsprocfile.cil b/src/sys/procfile/lockdepchainsprocfile.cil
new file mode 100644
index 0000000..6a1def1
--- /dev/null
+++ b/src/sys/procfile/lockdepchainsprocfile.cil
@@ -0,0 +1,8 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block lockdepchains
+
+ (genfscon "proc" "/lockdep_chains" procfile_context)
+
+ (blockinherit .procfile.template))
diff --git a/src/sys/procfile/lockdepprocfile.cil b/src/sys/procfile/lockdepprocfile.cil
new file mode 100644
index 0000000..f40bda0
--- /dev/null
+++ b/src/sys/procfile/lockdepprocfile.cil
@@ -0,0 +1,8 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block lockdep
+
+ (genfscon "proc" "/lockdep" procfile_context)
+
+ (blockinherit .procfile.template))
diff --git a/src/sys/procfile/lockdepstatsprocfile.cil b/src/sys/procfile/lockdepstatsprocfile.cil
new file mode 100644
index 0000000..4be05b3
--- /dev/null
+++ b/src/sys/procfile/lockdepstatsprocfile.cil
@@ -0,0 +1,8 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block lockdepstats
+
+ (genfscon "proc" "/lockdep_stats" procfile_context)
+
+ (blockinherit .procfile.template))
diff --git a/src/sys/procfile/locksprocfile.cil b/src/sys/procfile/locksprocfile.cil
new file mode 100644
index 0000000..05d40af
--- /dev/null
+++ b/src/sys/procfile/locksprocfile.cil
@@ -0,0 +1,8 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block locks
+
+ (genfscon "proc" "/locks" procfile_context)
+
+ (blockinherit .procfile.template))
diff --git a/src/sys/procfile/lockstatprocfile.cil b/src/sys/procfile/lockstatprocfile.cil
new file mode 100644
index 0000000..18dc93f
--- /dev/null
+++ b/src/sys/procfile/lockstatprocfile.cil
@@ -0,0 +1,8 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block lockstat
+
+ (genfscon "proc" "/lock_stat" procfile_context)
+
+ (blockinherit .procfile.template))
diff --git a/src/sys/procfile/mdstatprocfile.cil b/src/sys/procfile/mdstatprocfile.cil
new file mode 100644
index 0000000..46b78ea
--- /dev/null
+++ b/src/sys/procfile/mdstatprocfile.cil
@@ -0,0 +1,8 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block mdstat
+
+ (genfscon "proc" "/mdstat" procfile_context)
+
+ (blockinherit .procfile.template))
diff --git a/src/sys/procfile/meminfoprocfile.cil b/src/sys/procfile/meminfoprocfile.cil
new file mode 100644
index 0000000..9136178
--- /dev/null
+++ b/src/sys/procfile/meminfoprocfile.cil
@@ -0,0 +1,8 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block meminfo
+
+ (genfscon "proc" "/meminfo" procfile_context)
+
+ (blockinherit .procfile.template))
diff --git a/src/sys/procfile/miscprocfile.cil b/src/sys/procfile/miscprocfile.cil
new file mode 100644
index 0000000..497c140
--- /dev/null
+++ b/src/sys/procfile/miscprocfile.cil
@@ -0,0 +1,8 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block misc
+
+ (genfscon "proc" "/misc" procfile_context)
+
+ (blockinherit .procfile.template))
diff --git a/src/sys/procfile/modulesprocfile.cil b/src/sys/procfile/modulesprocfile.cil
new file mode 100644
index 0000000..542ae2a
--- /dev/null
+++ b/src/sys/procfile/modulesprocfile.cil
@@ -0,0 +1,8 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block modules
+
+ (genfscon "proc" "/modules" procfile_context)
+
+ (blockinherit .procfile.template))
diff --git a/src/sys/procfile/mptprocfile.cil b/src/sys/procfile/mptprocfile.cil
new file mode 100644
index 0000000..c471afb
--- /dev/null
+++ b/src/sys/procfile/mptprocfile.cil
@@ -0,0 +1,8 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block mpt
+
+ (genfscon "proc" "/mpt" procfile_context)
+
+ (blockinherit .procfile.template))
diff --git a/src/sys/procfile/mtdprocfile.cil b/src/sys/procfile/mtdprocfile.cil
new file mode 100644
index 0000000..83b3e57
--- /dev/null
+++ b/src/sys/procfile/mtdprocfile.cil
@@ -0,0 +1,8 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(in mtd
+
+ (genfscon "proc" "/mtd" procfile_context)
+
+ (blockinherit .procfile.template))
diff --git a/src/sys/procfile/mtrrprocfile.cil b/src/sys/procfile/mtrrprocfile.cil
new file mode 100644
index 0000000..40dd60f
--- /dev/null
+++ b/src/sys/procfile/mtrrprocfile.cil
@@ -0,0 +1,8 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block mtrr
+
+ (genfscon "proc" "/mtrr" procfile_context)
+
+ (blockinherit .procfile.template))
diff --git a/src/sys/procfile/netprocfile.cil b/src/sys/procfile/netprocfile.cil
new file mode 100644
index 0000000..0cf3d3d
--- /dev/null
+++ b/src/sys/procfile/netprocfile.cil
@@ -0,0 +1,10 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(in net
+
+ (genfscon "proc" "/net" procfile_context)
+
+ (blockinherit .procfile.macro_template_dirs)
+ (blockinherit .procfile.macro_template_lnk_files)
+ (blockinherit .procfile.template))
diff --git a/src/sys/procfile/pagetypeinfoprocfile.cil b/src/sys/procfile/pagetypeinfoprocfile.cil
new file mode 100644
index 0000000..1ffef39
--- /dev/null
+++ b/src/sys/procfile/pagetypeinfoprocfile.cil
@@ -0,0 +1,8 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block pagetypeinfo
+
+ (genfscon "proc" "/pagetypeinfo" procfile_context)
+
+ (blockinherit .procfile.template))
diff --git a/src/sys/procfile/partitionsprocfile.cil b/src/sys/procfile/partitionsprocfile.cil
new file mode 100644
index 0000000..32d7878
--- /dev/null
+++ b/src/sys/procfile/partitionsprocfile.cil
@@ -0,0 +1,8 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block partitions
+
+ (genfscon "proc" "/partitions" procfile_context)
+
+ (blockinherit .procfile.template))
diff --git a/src/sys/procfile/pressureprocfile.cil b/src/sys/procfile/pressureprocfile.cil
new file mode 100644
index 0000000..bc62a65
--- /dev/null
+++ b/src/sys/procfile/pressureprocfile.cil
@@ -0,0 +1,9 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block pressure
+
+ (genfscon "proc" "/pressure" procfile_context)
+
+ (blockinherit .procfile.macro_template_dirs)
+ (blockinherit .procfile.template))
diff --git a/src/sys/procfile/scheddebugprocfile.cil b/src/sys/procfile/scheddebugprocfile.cil
new file mode 100644
index 0000000..d56d8ea
--- /dev/null
+++ b/src/sys/procfile/scheddebugprocfile.cil
@@ -0,0 +1,8 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block scheddebug
+
+ (genfscon "proc" "/sched_debug" procfile_context)
+
+ (blockinherit .procfile.template))
diff --git a/src/sys/procfile/schedstatprocfile.cil b/src/sys/procfile/schedstatprocfile.cil
new file mode 100644
index 0000000..1849ea8
--- /dev/null
+++ b/src/sys/procfile/schedstatprocfile.cil
@@ -0,0 +1,8 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block schedstat
+
+ (genfscon "proc" "/schedstat" procfile_context)
+
+ (blockinherit .procfile.template))
diff --git a/src/sys/procfile/scsiprocfile.cil b/src/sys/procfile/scsiprocfile.cil
new file mode 100644
index 0000000..c27e5e6
--- /dev/null
+++ b/src/sys/procfile/scsiprocfile.cil
@@ -0,0 +1,9 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block scsi
+
+ (genfscon "proc" "/scsi" procfile_context)
+
+ (blockinherit .procfile.macro_template_dirs)
+ (blockinherit .procfile.template))
diff --git a/src/sys/procfile/slabinfoprocfile.cil b/src/sys/procfile/slabinfoprocfile.cil
new file mode 100644
index 0000000..39991de
--- /dev/null
+++ b/src/sys/procfile/slabinfoprocfile.cil
@@ -0,0 +1,8 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block slabinfo
+
+ (genfscon "proc" "/slabinfo" procfile_context)
+
+ (blockinherit .procfile.template))
diff --git a/src/sys/procfile/softirqsprocfile.cil b/src/sys/procfile/softirqsprocfile.cil
new file mode 100644
index 0000000..72ded46
--- /dev/null
+++ b/src/sys/procfile/softirqsprocfile.cil
@@ -0,0 +1,8 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block softirqs
+
+ (genfscon "proc" "/softirqs" procfile_context)
+
+ (blockinherit .procfile.template))
diff --git a/src/sys/procfile/statprocfile.cil b/src/sys/procfile/statprocfile.cil
new file mode 100644
index 0000000..75ce983
--- /dev/null
+++ b/src/sys/procfile/statprocfile.cil
@@ -0,0 +1,8 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block stat
+
+ (genfscon "proc" "/stat" procfile_context)
+
+ (blockinherit .procfile.template))
diff --git a/src/sys/procfile/swapsprocfile.cil b/src/sys/procfile/swapsprocfile.cil
new file mode 100644
index 0000000..3a7cabf
--- /dev/null
+++ b/src/sys/procfile/swapsprocfile.cil
@@ -0,0 +1,8 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block swaps
+
+ (genfscon "proc" "/swaps" procfile_context)
+
+ (blockinherit .procfile.template))
diff --git a/src/sys/procfile/sysctlfile.cil b/src/sys/procfile/sysctlfile.cil
new file mode 100644
index 0000000..b0e9787
--- /dev/null
+++ b/src/sys/procfile/sysctlfile.cil
@@ -0,0 +1,138 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block sysctlfile
+
+ (macro type ((type ARG1))
+ (typeattributeset typeattr ARG1))
+
+ (typeattribute typeattr)
+
+ (blockinherit .file.all_macro_template_dirs)
+ (blockinherit .file.all_macro_template_files)
+
+ (call .procfile.type (typeattr))
+
+ (block base_template
+
+ (blockabstract base_template)
+
+ (context sysctlfile_context (.sys.id .sys.role sysctlfile lowlevelrange))
+
+ (type sysctlfile)
+ (call .sysctlfile.type (sysctlfile)))
+
+ (block macro_template_dirs
+
+ (blockabstract macro_template_dirs)
+
+ (macro addname_sysctlfile_dirs ((type ARG1))
+ (allow ARG1 sysctlfile addname_dir))
+
+ (macro create_sysctlfile_dirs ((type ARG1))
+ (allow ARG1 sysctlfile create_dir))
+
+ (macro delete_sysctlfile_dirs ((type ARG1))
+ (allow ARG1 sysctlfile delete_dir))
+
+ (macro deletename_sysctlfile_dirs ((type ARG1))
+ (allow ARG1 sysctlfile deletename_dir))
+
+ (macro list_sysctlfile_dirs ((type ARG1))
+ (allow ARG1 sysctlfile list_dir))
+
+ (macro listinherited_sysctlfile_dirs ((type ARG1))
+ (allow ARG1 sysctlfile listinherited_dir))
+
+ (macro manage_sysctlfile_dirs ((type ARG1))
+ (allow ARG1 sysctlfile manage_dir))
+
+ (macro mounton_sysctlfile_dirs ((type ARG1))
+ (allow ARG1 sysctlfile mounton_dir))
+
+ (macro readwrite_sysctlfile_dirs ((type ARG1))
+ (allow ARG1 sysctlfile readwrite_dir))
+
+ (macro readwriteinherited_sysctlfile_dirs ((type ARG1))
+ (allow ARG1 sysctlfile readwriteinherited_dir))
+
+ (macro rename_sysctlfile_dirs ((type ARG1))
+ (allow ARG1 sysctlfile rename_dir))
+
+ (macro search_sysctlfile_dirs ((type ARG1))
+ (allow ARG1 sysctlfile search_dir))
+
+ (macro write_sysctlfile_dirs ((type ARG1))
+ (allow ARG1 sysctlfile write_dir))
+
+ (macro writeinherited_sysctlfile_dirs ((type ARG1))
+ (allow ARG1 sysctlfile writeinherited_dir)))
+
+ (block macro_template_files
+
+ (blockabstract macro_template_files)
+
+ (macro append_sysctlfile_files ((type ARG1))
+ (allow ARG1 sysctlfile append_file))
+
+ (macro appendinherited_sysctlfile_files ((type ARG1))
+ (allow ARG1 sysctlfile appendinherited_file))
+
+ (macro create_sysctlfile_files ((type ARG1))
+ (allow ARG1 sysctlfile create_file))
+
+ (macro delete_sysctlfile_files ((type ARG1))
+ (allow ARG1 sysctlfile delete_file))
+
+ (macro execute_sysctlfile_files ((type ARG1))
+ (allow ARG1 sysctlfile execute_file))
+
+ (macro manage_sysctlfile_files ((type ARG1))
+ (allow ARG1 sysctlfile manage_file))
+
+ (macro mapexecute_sysctlfile_files ((type ARG1))
+ (allow ARG1 sysctlfile mapexecute_file))
+
+ (macro mounton_sysctlfile_files ((type ARG1))
+ (allow ARG1 sysctlfile mounton_file))
+
+ (macro read_sysctlfile_files ((type ARG1))
+ (allow ARG1 sysctlfile read_file))
+
+ (macro readinherited_sysctlfile_files ((type ARG1))
+ (allow ARG1 sysctlfile readinherited_file))
+
+ (macro readwrite_sysctlfile_files ((type ARG1))
+ (allow ARG1 sysctlfile readwrite_file))
+
+ (macro readwriteinherited_sysctlfile_files ((type ARG1))
+ (allow ARG1 sysctlfile readwriteinherited_file))
+
+ (macro rename_sysctlfile_files ((type ARG1))
+ (allow ARG1 sysctlfile rename_file))
+
+ (macro write_sysctlfile_files ((type ARG1))
+ (allow ARG1 sysctlfile write_file))
+
+ (macro writeinherited_sysctlfile_files ((type ARG1))
+ (allow ARG1 sysctlfile writeinherited_file)))
+
+ (block template
+
+ (blockabstract template)
+
+ (blockinherit .sysctlfile.base_template)
+ (blockinherit .sysctlfile.macro_template_files))
+
+ (block unconfined
+
+ (macro type ((type ARG1))
+ (typeattributeset typeattr ARG1))
+
+ (typeattribute typeattr)
+
+ (allow typeattr sysctlfile.typeattr
+ (dir (not (audit_access execmod relabelfrom relabelto))))
+ (allow typeattr sysctlfile.typeattr
+ (file (not (audit_access entrypoint execmod relabelfrom
+ relabelto))))))
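Review bot: The two `allow` rules in the `unconfined` block write their permission sets as complements (`(dir (not (...)))` and `(file (not (...)))`), so every permission not listed is granted, including any added to the `dir` or `file` classes later, and nothing in the file says so. The target is `sysctlfile.typeattr`, which the sub-blocks in this commit join through `(call .sysctlfile.type (typeattr))`, so the grant appears to reach every sysctl type, including the ones created for `core_pattern` and `modprobe`. I would document that above the rules, e.g. `;; all dir/file access to every sysctl type except audit_access, execmod, relabel* (and entrypoint on files)`. Consider an explicit positive permission list so that new permissions need a deliberate opt-in.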
diff --git a/src/sys/procfile/sysctlfile/abisysctlfile.cil b/src/sys/procfile/sysctlfile/abisysctlfile.cil
new file mode 100644
index 0000000..0bf5be5
--- /dev/null
+++ b/src/sys/procfile/sysctlfile/abisysctlfile.cil
@@ -0,0 +1,38 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block abi
+
+ (genfscon "proc" "/sys/abi" sysctlfile_context)
+
+ (blockinherit .sysctlfile.abi.template)
+ (blockinherit .sysctlfile.macro_template_dirs))
+
+(in sysctlfile
+
+ (block abi
+
+ (macro type ((type ARG1))
+ (typeattributeset typeattr ARG1))
+
+ (typeattribute typeattr)
+
+ (blockinherit .file.all_macro_template_dirs)
+ (blockinherit .file.all_macro_template_files)
+
+ (call .sysctlfile.type (typeattr))
+
+ (block base_template
+
+ (blockabstract base_template)
+
+ (blockinherit .sysctlfile.base_template)
+
+ (call .sysctlfile.abi.type (sysctlfile)))
+
+ (block template
+
+ (blockabstract template)
+
+ (blockinherit .sysctlfile.abi.base_template)
+ (blockinherit .sysctlfile.macro_template_files))))
diff --git a/src/sys/procfile/sysctlfile/cryptosysctlfile.cil b/src/sys/procfile/sysctlfile/cryptosysctlfile.cil
new file mode 100644
index 0000000..d56af1f
--- /dev/null
+++ b/src/sys/procfile/sysctlfile/cryptosysctlfile.cil
@@ -0,0 +1,38 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block crypto
+
+ (genfscon "proc" "/sys/crypto" sysctlfile_context)
+
+ (blockinherit .sysctlfile.crypto.template)
+ (blockinherit .sysctlfile.macro_template_dirs))
+
+(in sysctlfile
+
+ (block crypto
+
+ (macro type ((type ARG1))
+ (typeattributeset typeattr ARG1))
+
+ (typeattribute typeattr)
+
+ (blockinherit .file.all_macro_template_dirs)
+ (blockinherit .file.all_macro_template_files)
+
+ (call .sysctlfile.type (typeattr))
+
+ (block base_template
+
+ (blockabstract base_template)
+
+ (blockinherit .sysctlfile.base_template)
+
+ (call .sysctlfile.crypto.type (sysctlfile)))
+
+ (block template
+
+ (blockabstract template)
+
+ (blockinherit .sysctlfile.crypto.base_template)
+ (blockinherit .sysctlfile.macro_template_files))))
diff --git a/src/sys/procfile/sysctlfile/debugsysctlfile.cil b/src/sys/procfile/sysctlfile/debugsysctlfile.cil
new file mode 100644
index 0000000..8d23149
--- /dev/null
+++ b/src/sys/procfile/sysctlfile/debugsysctlfile.cil
@@ -0,0 +1,38 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block debug
+
+ (genfscon "proc" "/sys/debug" sysctlfile_context)
+
+ (blockinherit .sysctlfile.debug.template)
+ (blockinherit .sysctlfile.macro_template_dirs))
+
+(in sysctlfile
+
+ (block debug
+
+ (macro type ((type ARG1))
+ (typeattributeset typeattr ARG1))
+
+ (typeattribute typeattr)
+
+ (blockinherit .file.all_macro_template_dirs)
+ (blockinherit .file.all_macro_template_files)
+
+ (call .sysctlfile.type (typeattr))
+
+ (block base_template
+
+ (blockabstract base_template)
+
+ (blockinherit .sysctlfile.base_template)
+
+ (call .sysctlfile.debug.type (sysctlfile)))
+
+ (block template
+
+ (blockabstract template)
+
+ (blockinherit .sysctlfile.debug.base_template)
+ (blockinherit .sysctlfile.macro_template_files))))
diff --git a/src/sys/procfile/sysctlfile/devsysctlfile.cil b/src/sys/procfile/sysctlfile/devsysctlfile.cil
new file mode 100644
index 0000000..87edae1
--- /dev/null
+++ b/src/sys/procfile/sysctlfile/devsysctlfile.cil
@@ -0,0 +1,38 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(in dev
+
+ (genfscon "proc" "/sys/dev" sysctlfile_context)
+
+ (blockinherit .sysctlfile.dev.template)
+ (blockinherit .sysctlfile.macro_template_dirs))
+
+(in sysctlfile
+
+ (block dev
+
+ (macro type ((type ARG1))
+ (typeattributeset typeattr ARG1))
+
+ (typeattribute typeattr)
+
+ (blockinherit .file.all_macro_template_dirs)
+ (blockinherit .file.all_macro_template_files)
+
+ (call .sysctlfile.type (typeattr))
+
+ (block base_template
+
+ (blockabstract base_template)
+
+ (blockinherit .sysctlfile.base_template)
+
+ (call .sysctlfile.dev.type (sysctlfile)))
+
+ (block template
+
+ (blockabstract template)
+
+ (blockinherit .sysctlfile.dev.base_template)
+ (blockinherit .sysctlfile.macro_template_files))))
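Review bot: `(in dev ...)` at the top of this file extends a `dev` block that the file does not declare, unlike `abisysctlfile.cil` or `kernelsysctlfile.cil`, which open with `(block ...)`. The same applies to `(in fs`, `(in keys`, `(in net`, `(in random` and `(in tty` elsewhere in this commit. The policy only resolves if those blocks exist elsewhere, and a reader cannot tell from here what else shares the namespace with the new `sysctlfile` type. A one-line comment such as `;; extends the root "dev" block declared in <path-to-dev-block>` would make the dependency explicit.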
diff --git a/src/sys/procfile/sysctlfile/fssysctlfile.cil b/src/sys/procfile/sysctlfile/fssysctlfile.cil
new file mode 100644
index 0000000..878092f
--- /dev/null
+++ b/src/sys/procfile/sysctlfile/fssysctlfile.cil
@@ -0,0 +1,38 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(in fs
+
+ (genfscon "proc" "/sys/fs" sysctlfile_context)
+
+ (blockinherit .sysctlfile.fs.template)
+ (blockinherit .sysctlfile.macro_template_dirs))
+
+(in sysctlfile
+
+ (block fs
+
+ (macro type ((type ARG1))
+ (typeattributeset typeattr ARG1))
+
+ (typeattribute typeattr)
+
+ (blockinherit .file.all_macro_template_dirs)
+ (blockinherit .file.all_macro_template_files)
+
+ (call .sysctlfile.type (typeattr))
+
+ (block base_template
+
+ (blockabstract base_template)
+
+ (blockinherit .sysctlfile.base_template)
+
+ (call .sysctlfile.fs.type (sysctlfile)))
+
+ (block template
+
+ (blockabstract template)
+
+ (blockinherit .sysctlfile.fs.base_template)
+ (blockinherit .sysctlfile.macro_template_files))))
diff --git a/src/sys/procfile/sysctlfile/kernelsysctlfile.cil b/src/sys/procfile/sysctlfile/kernelsysctlfile.cil
new file mode 100644
index 0000000..ad66127
--- /dev/null
+++ b/src/sys/procfile/sysctlfile/kernelsysctlfile.cil
@@ -0,0 +1,38 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block kernel
+
+ (genfscon "proc" "/sys/kernel" sysctlfile_context)
+
+ (blockinherit .sysctlfile.kernel.template)
+ (blockinherit .sysctlfile.macro_template_dirs))
+
+(in sysctlfile
+
+ (block kernel
+
+ (macro type ((type ARG1))
+ (typeattributeset typeattr ARG1))
+
+ (typeattribute typeattr)
+
+ (blockinherit .file.all_macro_template_dirs)
+ (blockinherit .file.all_macro_template_files)
+
+ (call .sysctlfile.type (typeattr))
+
+ (block base_template
+
+ (blockabstract base_template)
+
+ (blockinherit .sysctlfile.base_template)
+
+ (call .sysctlfile.kernel.type (sysctlfile)))
+
+ (block template
+
+ (blockabstract template)
+
+ (blockinherit .sysctlfile.kernel.base_template)
+ (blockinherit .sysctlfile.macro_template_files))))
diff --git a/src/sys/procfile/sysctlfile/kernelsysctlfile/caplastcapkernelsysctlfile.cil b/src/sys/procfile/sysctlfile/kernelsysctlfile/caplastcapkernelsysctlfile.cil
new file mode 100644
index 0000000..b27163e
--- /dev/null
+++ b/src/sys/procfile/sysctlfile/kernelsysctlfile/caplastcapkernelsysctlfile.cil
@@ -0,0 +1,8 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block caplastcap
+
+ (genfscon "proc" "/sys/kernel/cap_last_cap" sysctlfile_context)
+
+ (blockinherit .sysctlfile.kernel.template))
diff --git a/src/sys/procfile/sysctlfile/kernelsysctlfile/corepatternkernelsysctlfile.cil b/src/sys/procfile/sysctlfile/kernelsysctlfile/corepatternkernelsysctlfile.cil
new file mode 100644
index 0000000..7ef9105
--- /dev/null
+++ b/src/sys/procfile/sysctlfile/kernelsysctlfile/corepatternkernelsysctlfile.cil
@@ -0,0 +1,8 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block corepattern
+
+ (genfscon "proc" "/sys/kernel/core_pattern" sysctlfile_context)
+
+ (blockinherit .sysctlfile.kernel.template))
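Review bot: Nothing in this file records why `/sys/kernel/core_pattern` gets a type of its own instead of falling under the general `kernel` sysctl type. The same goes for `modprobekernelsysctlfile.cil`, `poweroffcmdkernelsysctlfile.cil` and `usermodehelperkernelsysctlfile.cil`. These sysctls govern helper programs that the kernel itself launches, so write access to them is considerably more sensitive than write access to an ordinary tunable. A short comment, e.g. `;; configures a helper the kernel executes; grant write separately from other kernel sysctls`, would keep a later cleanup from merging the types back together.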
diff --git a/src/sys/procfile/sysctlfile/kernelsysctlfile/corepipelimitkernelsysctlfile.cil b/src/sys/procfile/sysctlfile/kernelsysctlfile/corepipelimitkernelsysctlfile.cil
new file mode 100644
index 0000000..8f95bf8
--- /dev/null
+++ b/src/sys/procfile/sysctlfile/kernelsysctlfile/corepipelimitkernelsysctlfile.cil
@@ -0,0 +1,8 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block corepipelimit
+
+ (genfscon "proc" "/sys/kernel/core_pipe_limit" sysctlfile_context)
+
+ (blockinherit .sysctlfile.kernel.template))
diff --git a/src/sys/procfile/sysctlfile/kernelsysctlfile/firmwareconfigkernelsysctlfile.cil b/src/sys/procfile/sysctlfile/kernelsysctlfile/firmwareconfigkernelsysctlfile.cil
new file mode 100644
index 0000000..9bcd7cd
--- /dev/null
+++ b/src/sys/procfile/sysctlfile/kernelsysctlfile/firmwareconfigkernelsysctlfile.cil
@@ -0,0 +1,9 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block firmwareconfig
+
+ (genfscon "proc" "/sys/kernel/firmware_config" sysctlfile_context)
+
+ (blockinherit .sysctlfile.kernel.template)
+ (blockinherit .sysctlfile.macro_template_dirs))
diff --git a/src/sys/procfile/sysctlfile/kernelsysctlfile/hostnamekernelsysctlfile.cil b/src/sys/procfile/sysctlfile/kernelsysctlfile/hostnamekernelsysctlfile.cil
new file mode 100644
index 0000000..d4a8ca6
--- /dev/null
+++ b/src/sys/procfile/sysctlfile/kernelsysctlfile/hostnamekernelsysctlfile.cil
@@ -0,0 +1,8 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block hostname
+
+ (genfscon "proc" "/sys/kernel/hostname" sysctlfile_context)
+
+ (blockinherit .sysctlfile.kernel.template))
diff --git a/src/sys/procfile/sysctlfile/kernelsysctlfile/keyskernelsysctlfile.cil b/src/sys/procfile/sysctlfile/kernelsysctlfile/keyskernelsysctlfile.cil
new file mode 100644
index 0000000..f65c9db
--- /dev/null
+++ b/src/sys/procfile/sysctlfile/kernelsysctlfile/keyskernelsysctlfile.cil
@@ -0,0 +1,9 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(in keys
+
+ (genfscon "proc" "/sys/kernel/keys" sysctlfile_context)
+
+ (blockinherit .sysctlfile.kernel.template)
+ (blockinherit .sysctlfile.macro_template_dirs))
diff --git a/src/sys/procfile/sysctlfile/kernelsysctlfile/modprobekernelsysctlfile.cil b/src/sys/procfile/sysctlfile/kernelsysctlfile/modprobekernelsysctlfile.cil
new file mode 100644
index 0000000..7928e56
--- /dev/null
+++ b/src/sys/procfile/sysctlfile/kernelsysctlfile/modprobekernelsysctlfile.cil
@@ -0,0 +1,8 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block modprobe
+
+ (genfscon "proc" "/sys/kernel/modprobe" sysctlfile_context)
+
+ (blockinherit .sysctlfile.kernel.template))
diff --git a/src/sys/procfile/sysctlfile/kernelsysctlfile/nslastpidkernelsysctlfile.cil b/src/sys/procfile/sysctlfile/kernelsysctlfile/nslastpidkernelsysctlfile.cil
new file mode 100644
index 0000000..b39aa80
--- /dev/null
+++ b/src/sys/procfile/sysctlfile/kernelsysctlfile/nslastpidkernelsysctlfile.cil
@@ -0,0 +1,8 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block nslastpid
+
+ (genfscon "proc" "/sys/kernel/ns_last_pid" sysctlfile_context)
+
+ (blockinherit .sysctlfile.kernel.template))
diff --git a/src/sys/procfile/sysctlfile/kernelsysctlfile/osreleasekernelsysctlfile.cil b/src/sys/procfile/sysctlfile/kernelsysctlfile/osreleasekernelsysctlfile.cil
new file mode 100644
index 0000000..9eab507
--- /dev/null
+++ b/src/sys/procfile/sysctlfile/kernelsysctlfile/osreleasekernelsysctlfile.cil
@@ -0,0 +1,8 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block osrelease
+
+ (genfscon "proc" "/sys/kernel/osrelease" sysctlfile_context)
+
+ (blockinherit .sysctlfile.kernel.template))
diff --git a/src/sys/procfile/sysctlfile/kernelsysctlfile/overflowuidkernelsysctlfile.cil b/src/sys/procfile/sysctlfile/kernelsysctlfile/overflowuidkernelsysctlfile.cil
new file mode 100644
index 0000000..4517c76
--- /dev/null
+++ b/src/sys/procfile/sysctlfile/kernelsysctlfile/overflowuidkernelsysctlfile.cil
@@ -0,0 +1,9 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block overflowuid
+
+ (genfscon "proc" "/sys/kernel/overflowgid" sysctlfile_context)
+ (genfscon "proc" "/sys/kernel/overflowuid" sysctlfile_context)
+
+ (blockinherit .sysctlfile.kernel.template))
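Review bot: The block is named `overflowuid`, but its first `genfscon` labels `/sys/kernel/overflowgid`, so both sysctls share one type and a search for `overflowgid` by block name finds nothing. If the sharing is intended, say so above the two entries, e.g. `;; overflowgid and overflowuid deliberately share this type`. Otherwise give `overflowgid` its own block.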
diff --git a/src/sys/procfile/sysctlfile/kernelsysctlfile/pidmaxkernelsysctlfile.cil b/src/sys/procfile/sysctlfile/kernelsysctlfile/pidmaxkernelsysctlfile.cil
new file mode 100644
index 0000000..168e06a
--- /dev/null
+++ b/src/sys/procfile/sysctlfile/kernelsysctlfile/pidmaxkernelsysctlfile.cil
@@ -0,0 +1,8 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block pidmax
+
+ (genfscon "proc" "/sys/kernel/pid_max" sysctlfile_context)
+
+ (blockinherit .sysctlfile.kernel.template))
diff --git a/src/sys/procfile/sysctlfile/kernelsysctlfile/poweroffcmdkernelsysctlfile.cil b/src/sys/procfile/sysctlfile/kernelsysctlfile/poweroffcmdkernelsysctlfile.cil
new file mode 100644
index 0000000..bf5e36b
--- /dev/null
+++ b/src/sys/procfile/sysctlfile/kernelsysctlfile/poweroffcmdkernelsysctlfile.cil
@@ -0,0 +1,8 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block poweroffcmd
+
+ (genfscon "proc" "/sys/kernel/poweroff_cmd" sysctlfile_context)
+
+ (blockinherit .sysctlfile.kernel.template))
diff --git a/src/sys/procfile/sysctlfile/kernelsysctlfile/ptykernelsysctlfile.cil b/src/sys/procfile/sysctlfile/kernelsysctlfile/ptykernelsysctlfile.cil
new file mode 100644
index 0000000..bc96692
--- /dev/null
+++ b/src/sys/procfile/sysctlfile/kernelsysctlfile/ptykernelsysctlfile.cil
@@ -0,0 +1,9 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block pty
+
+ (genfscon "proc" "/sys/kernel/pty" sysctlfile_context)
+
+ (blockinherit .sysctlfile.kernel.template)
+ (blockinherit .sysctlfile.macro_template_dirs))
diff --git a/src/sys/procfile/sysctlfile/kernelsysctlfile/randomkernelsysctlfile.cil b/src/sys/procfile/sysctlfile/kernelsysctlfile/randomkernelsysctlfile.cil
new file mode 100644
index 0000000..493ed6f
--- /dev/null
+++ b/src/sys/procfile/sysctlfile/kernelsysctlfile/randomkernelsysctlfile.cil
@@ -0,0 +1,13 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(in kernel
+
+ (genfscon "proc" "/sys/kernel/randomize_va_space" sysctlfile_context))
+
+(in random
+
+ (genfscon "proc" "/sys/kernel/random" sysctlfile_context)
+
+ (blockinherit .sysctlfile.kernel.template)
+ (blockinherit .sysctlfile.macro_template_dirs))
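Review bot: The `(in kernel ...)` entry for `/sys/kernel/randomize_va_space` sits in the file for `random` with no comment saying why, and the reason is easy to lose. As far as I know, genfscon paths are matched as prefixes with the longest entry winning, so `/sys/kernel/random` would otherwise also label `randomize_va_space` with the `random` type. I would add a comment above the first `in` block, e.g. `;; "/sys/kernel/random" is a prefix of randomize_va_space; pin that file back to the kernel sysctl type`. The `kernel` and `random` blocks targeted by `in` are declared outside this hunk, so which `sysctlfile_context` each entry resolves to is inferred.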
diff --git a/src/sys/procfile/sysctlfile/kernelsysctlfile/seccompkernelsysctlfile.cil b/src/sys/procfile/sysctlfile/kernelsysctlfile/seccompkernelsysctlfile.cil
new file mode 100644
index 0000000..b9f2878
--- /dev/null
+++ b/src/sys/procfile/sysctlfile/kernelsysctlfile/seccompkernelsysctlfile.cil
@@ -0,0 +1,9 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block seccomp
+
+ (genfscon "proc" "/sys/kernel/seccomp" sysctlfile_context)
+
+ (blockinherit .sysctlfile.kernel.template)
+ (blockinherit .sysctlfile.macro_template_dirs))
diff --git a/src/sys/procfile/sysctlfile/kernelsysctlfile/threadsmaxkernelsysctlfile.cil b/src/sys/procfile/sysctlfile/kernelsysctlfile/threadsmaxkernelsysctlfile.cil
new file mode 100644
index 0000000..5d31bf8
--- /dev/null
+++ b/src/sys/procfile/sysctlfile/kernelsysctlfile/threadsmaxkernelsysctlfile.cil
@@ -0,0 +1,8 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block threadsmax
+
+ (genfscon "proc" "/sys/kernel/threads-max" sysctlfile_context)
+
+ (blockinherit .sysctlfile.kernel.template))
diff --git a/src/sys/procfile/sysctlfile/kernelsysctlfile/usermodehelperkernelsysctlfile.cil b/src/sys/procfile/sysctlfile/kernelsysctlfile/usermodehelperkernelsysctlfile.cil
new file mode 100644
index 0000000..e848922
--- /dev/null
+++ b/src/sys/procfile/sysctlfile/kernelsysctlfile/usermodehelperkernelsysctlfile.cil
@@ -0,0 +1,9 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block usermodehelper
+
+ (genfscon "proc" "/sys/kernel/usermodehelper" sysctlfile_context)
+
+ (blockinherit .sysctlfile.kernel.template)
+ (blockinherit .sysctlfile.macro_template_dirs))
diff --git a/src/sys/procfile/sysctlfile/kernelsysctlfile/yamakernelsysctlfile.cil b/src/sys/procfile/sysctlfile/kernelsysctlfile/yamakernelsysctlfile.cil
new file mode 100644
index 0000000..a958a40
--- /dev/null
+++ b/src/sys/procfile/sysctlfile/kernelsysctlfile/yamakernelsysctlfile.cil
@@ -0,0 +1,9 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block yama
+
+ (genfscon "proc" "/sys/kernel/yama" sysctlfile_context)
+
+ (blockinherit .sysctlfile.kernel.template)
+ (blockinherit .sysctlfile.macro_template_dirs))
diff --git a/src/sys/procfile/sysctlfile/netsysctlfile.cil b/src/sys/procfile/sysctlfile/netsysctlfile.cil
new file mode 100644
index 0000000..1917846
--- /dev/null
+++ b/src/sys/procfile/sysctlfile/netsysctlfile.cil
@@ -0,0 +1,38 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(in net
+
+ (genfscon "proc" "/sys/net" sysctlfile_context)
+
+ (blockinherit .sysctlfile.macro_template_dirs)
+ (blockinherit .sysctlfile.net.template))
+
+(in sysctlfile
+
+ (block net
+
+ (macro type ((type ARG1))
+ (typeattributeset typeattr ARG1))
+
+ (typeattribute typeattr)
+
+ (blockinherit .file.all_macro_template_dirs)
+ (blockinherit .file.all_macro_template_files)
+
+ (call .sysctlfile.type (typeattr))
+
+ (block base_template
+
+ (blockabstract base_template)
+
+ (blockinherit .sysctlfile.base_template)
+
+ (call .sysctlfile.net.type (sysctlfile)))
+
+ (block template
+
+ (blockabstract template)
+
+ (blockinherit .sysctlfile.net.base_template)
+ (blockinherit .sysctlfile.macro_template_files))))
diff --git a/src/sys/procfile/sysctlfile/netsysctlfile/corenetsysctlfile.cil b/src/sys/procfile/sysctlfile/netsysctlfile/corenetsysctlfile.cil
new file mode 100644
index 0000000..432152a
--- /dev/null
+++ b/src/sys/procfile/sysctlfile/netsysctlfile/corenetsysctlfile.cil
@@ -0,0 +1,9 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block core
+
+ (genfscon "proc" "/sys/net/core" sysctlfile_context)
+
+ (blockinherit .sysctlfile.macro_template_dirs)
+ (blockinherit .sysctlfile.net.template))
diff --git a/src/sys/procfile/sysctlfile/netsysctlfile/ipv4netsysctlfile.cil b/src/sys/procfile/sysctlfile/netsysctlfile/ipv4netsysctlfile.cil
new file mode 100644
index 0000000..02cc2de
--- /dev/null
+++ b/src/sys/procfile/sysctlfile/netsysctlfile/ipv4netsysctlfile.cil
@@ -0,0 +1,9 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block ipv4
+
+ (genfscon "proc" "/sys/net/ipv4" sysctlfile_context)
+
+ (blockinherit .sysctlfile.macro_template_dirs)
+ (blockinherit .sysctlfile.net.template))
diff --git a/src/sys/procfile/sysctlfile/netsysctlfile/ipv6netsysctlfile.cil b/src/sys/procfile/sysctlfile/netsysctlfile/ipv6netsysctlfile.cil
new file mode 100644
index 0000000..3aae3b9
--- /dev/null
+++ b/src/sys/procfile/sysctlfile/netsysctlfile/ipv6netsysctlfile.cil
@@ -0,0 +1,9 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block ipv6
+
+ (genfscon "proc" "/sys/net/ipv6" sysctlfile_context)
+
+ (blockinherit .sysctlfile.macro_template_dirs)
+ (blockinherit .sysctlfile.net.template))
diff --git a/src/sys/procfile/sysctlfile/netsysctlfile/mptcpnetsysctlfile.cil b/src/sys/procfile/sysctlfile/netsysctlfile/mptcpnetsysctlfile.cil
new file mode 100644
index 0000000..0668458
--- /dev/null
+++ b/src/sys/procfile/sysctlfile/netsysctlfile/mptcpnetsysctlfile.cil
@@ -0,0 +1,9 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block mptcp
+
+ (genfscon "proc" "/sys/net/mptcp" sysctlfile_context)
+
+ (blockinherit .sysctlfile.macro_template_dirs)
+ (blockinherit .sysctlfile.net.template))
diff --git a/src/sys/procfile/sysctlfile/netsysctlfile/netfilternetsysctlfile.cil b/src/sys/procfile/sysctlfile/netsysctlfile/netfilternetsysctlfile.cil
new file mode 100644
index 0000000..d4ba916
--- /dev/null
+++ b/src/sys/procfile/sysctlfile/netsysctlfile/netfilternetsysctlfile.cil
@@ -0,0 +1,9 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block netfilter
+
+ (genfscon "proc" "/sys/net/netfilter" sysctlfile_context)
+
+ (blockinherit .sysctlfile.macro_template_dirs)
+ (blockinherit .sysctlfile.net.template))
diff --git a/src/sys/procfile/sysctlfile/netsysctlfile/unixnetsysctlfile.cil b/src/sys/procfile/sysctlfile/netsysctlfile/unixnetsysctlfile.cil
new file mode 100644
index 0000000..bd60a46
--- /dev/null
+++ b/src/sys/procfile/sysctlfile/netsysctlfile/unixnetsysctlfile.cil
@@ -0,0 +1,9 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block unix
+
+ (genfscon "proc" "/sys/net/unix" sysctlfile_context)
+
+ (blockinherit .sysctlfile.macro_template_dirs)
+ (blockinherit .sysctlfile.net.template))
diff --git a/src/sys/procfile/sysctlfile/sunrpcsysctlfile.cil b/src/sys/procfile/sysctlfile/sunrpcsysctlfile.cil
new file mode 100644
index 0000000..1b297b7
--- /dev/null
+++ b/src/sys/procfile/sysctlfile/sunrpcsysctlfile.cil
@@ -0,0 +1,38 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block sunrpc
+
+ (genfscon "proc" "/sys/sunrpc" sysctlfile_context)
+
+ (blockinherit .sysctlfile.macro_template_dirs)
+ (blockinherit .sysctlfile.sunrpc.template))
+
+(in sysctlfile
+
+ (block sunrpc
+
+ (macro type ((type ARG1))
+ (typeattributeset typeattr ARG1))
+
+ (typeattribute typeattr)
+
+ (blockinherit .file.all_macro_template_dirs)
+ (blockinherit .file.all_macro_template_files)
+
+ (call .sysctlfile.type (typeattr))
+
+ (block base_template
+
+ (blockabstract base_template)
+
+ (blockinherit .sysctlfile.base_template)
+
+ (call .sysctlfile.sunrpc.type (sysctlfile)))
+
+ (block template
+
+ (blockabstract template)
+
+ (blockinherit .sysctlfile.macro_template_files)
+ (blockinherit .sysctlfile.sunrpc.base_template))))
diff --git a/src/sys/procfile/sysctlfile/usersysctlfile.cil b/src/sys/procfile/sysctlfile/usersysctlfile.cil
new file mode 100644
index 0000000..4b04c86
--- /dev/null
+++ b/src/sys/procfile/sysctlfile/usersysctlfile.cil
@@ -0,0 +1,38 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block user
+
+ (genfscon "proc" "/sys/user" sysctlfile_context)
+
+ (blockinherit .sysctlfile.macro_template_dirs)
+ (blockinherit .sysctlfile.user.template))
+
+(in sysctlfile
+
+ (block user
+
+ (macro type ((type ARG1))
+ (typeattributeset typeattr ARG1))
+
+ (typeattribute typeattr)
+
+ (blockinherit .file.all_macro_template_dirs)
+ (blockinherit .file.all_macro_template_files)
+
+ (call .sysctlfile.type (typeattr))
+
+ (block base_template
+
+ (blockabstract base_template)
+
+ (blockinherit .sysctlfile.base_template)
+
+ (call .sysctlfile.user.type (sysctlfile)))
+
+ (block template
+
+ (blockabstract template)
+
+ (blockinherit .sysctlfile.user.base_template)
+ (blockinherit .sysctlfile.macro_template_files))))
diff --git a/src/sys/procfile/sysctlfile/vmsysctlfile.cil b/src/sys/procfile/sysctlfile/vmsysctlfile.cil
new file mode 100644
index 0000000..b88afd2
--- /dev/null
+++ b/src/sys/procfile/sysctlfile/vmsysctlfile.cil
@@ -0,0 +1,38 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block vm
+
+ (genfscon "proc" "/sys/vm" sysctlfile_context)
+
+ (blockinherit .sysctlfile.macro_template_dirs)
+ (blockinherit .sysctlfile.vm.template))
+
+(in sysctlfile
+
+ (block vm
+
+ (macro type ((type ARG1))
+ (typeattributeset typeattr ARG1))
+
+ (typeattribute typeattr)
+
+ (blockinherit .file.all_macro_template_dirs)
+ (blockinherit .file.all_macro_template_files)
+
+ (call .sysctlfile.type (typeattr))
+
+ (block base_template
+
+ (blockabstract base_template)
+
+ (blockinherit .sysctlfile.base_template)
+
+ (call .sysctlfile.vm.type (sysctlfile)))
+
+ (block template
+
+ (blockabstract template)
+
+ (blockinherit .sysctlfile.vm.base_template)
+ (blockinherit .sysctlfile.macro_template_files))))
diff --git a/src/sys/procfile/sysctlfile/vmsysctlfile/overcommitmemoryvmsysctlfile.cil b/src/sys/procfile/sysctlfile/vmsysctlfile/overcommitmemoryvmsysctlfile.cil
new file mode 100644
index 0000000..2ecb737
--- /dev/null
+++ b/src/sys/procfile/sysctlfile/vmsysctlfile/overcommitmemoryvmsysctlfile.cil
@@ -0,0 +1,8 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block overcommitmemory
+
+ (genfscon "proc" "/sys/vm/overcommit_memory" sysctlfile_context)
+
+ (blockinherit .sysctlfile.vm.template))
diff --git a/src/sys/procfile/sysctlprocfile.cil b/src/sys/procfile/sysctlprocfile.cil
new file mode 100644
index 0000000..79507b3
--- /dev/null
+++ b/src/sys/procfile/sysctlprocfile.cil
@@ -0,0 +1,9 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block sysctl
+
+ (genfscon "proc" "/sys" procfile_context)
+
+ (blockinherit .procfile.base_template)
+ (blockinherit .procfile.macro_template_dirs))
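Review bot: The `sysctl` block labels `/sys` but inherits only `.procfile.base_template` and `.procfile.macro_template_dirs`, so the type gets directory macros and no file macros. Any entry under `/proc/sys` not covered by one of the longer `genfscon` paths in `sysctlfile/` (a top-level sysctl directory the policy does not list, for instance) would presumably fall back to this type, files included. A comment marking it as the fallback label, e.g. `;; fallback for /proc/sys entries without a more specific genfscon`, would help. Whether file access is then meant to go through the generic procfile attribute is not visible in this hunk.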
diff --git a/src/sys/procfile/sysrqtriggerprocfile.cil b/src/sys/procfile/sysrqtriggerprocfile.cil
new file mode 100644
index 0000000..2950729
--- /dev/null
+++ b/src/sys/procfile/sysrqtriggerprocfile.cil
@@ -0,0 +1,8 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block sysrqtrigger
+
+ (genfscon "proc" "/sysrq-trigger" procfile_context)
+
+ (blockinherit .procfile.template))
diff --git a/src/sys/procfile/sysvipcprocfile.cil b/src/sys/procfile/sysvipcprocfile.cil
new file mode 100644
index 0000000..838e9eb
--- /dev/null
+++ b/src/sys/procfile/sysvipcprocfile.cil
@@ -0,0 +1,9 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block sysvipc
+
+ (genfscon "proc" "/sysvipc" procfile_context)
+
+ (blockinherit .procfile.macro_template_dirs)
+ (blockinherit .procfile.template))
diff --git a/src/sys/procfile/timerlistprocfile.cil b/src/sys/procfile/timerlistprocfile.cil
new file mode 100644
index 0000000..5f4819c
--- /dev/null
+++ b/src/sys/procfile/timerlistprocfile.cil
@@ -0,0 +1,8 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block timerlist
+
+ (genfscon "proc" "/timer_list" procfile_context)
+
+ (blockinherit .procfile.template))
diff --git a/src/sys/procfile/ttyprocfile.cil b/src/sys/procfile/ttyprocfile.cil
new file mode 100644
index 0000000..33372b5
--- /dev/null
+++ b/src/sys/procfile/ttyprocfile.cil
@@ -0,0 +1,9 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(in tty
+
+ (genfscon "proc" "/tty" procfile_context)
+
+ (blockinherit .procfile.macro_template_dirs)
+ (blockinherit .procfile.template))
diff --git a/src/sys/procfile/uptimeprocfile.cil b/src/sys/procfile/uptimeprocfile.cil
new file mode 100644
index 0000000..c7eb400
--- /dev/null
+++ b/src/sys/procfile/uptimeprocfile.cil
@@ -0,0 +1,8 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block uptime
+
+ (genfscon "proc" "/uptime" procfile_context)
+
+ (blockinherit .procfile.template))
diff --git a/src/sys/procfile/versionprocfile.cil b/src/sys/procfile/versionprocfile.cil
new file mode 100644
index 0000000..3d89ba6
--- /dev/null
+++ b/src/sys/procfile/versionprocfile.cil
@@ -0,0 +1,8 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block version
+
+ (genfscon "proc" "/version" procfile_context)
+
+ (blockinherit .procfile.template))
diff --git a/src/sys/procfile/vmallocprocfile.cil b/src/sys/procfile/vmallocprocfile.cil
new file mode 100644
index 0000000..581a4eb
--- /dev/null
+++ b/src/sys/procfile/vmallocprocfile.cil
@@ -0,0 +1,8 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block vmallocinfo
+
+ (genfscon "proc" "/vmallocinfo" procfile_context)
+
+ (blockinherit .procfile.template))
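Review bot: The file is named vmallocprocfile.cil but declares `(block vmallocinfo`, whereas neighbouring files match file name to block name (timerlistprocfile.cil declares `timerlist`, zoneinfoprocfile.cil declares `zoneinfo`). Renaming it to vmallocinfoprocfile.cil would keep lookup by block name predictable. Separately, `/proc/vmallocinfo` exposes kernel virtual address ranges, so a comment such as `;; kernel address layout information; keep read access narrow` above the genfscon line would record why the node has its own type.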
diff --git a/src/sys/procfile/vmstatprocfile.cil b/src/sys/procfile/vmstatprocfile.cil
new file mode 100644
index 0000000..b72e9a6
--- /dev/null
+++ b/src/sys/procfile/vmstatprocfile.cil
@@ -0,0 +1,8 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block vmstat
+
+ (genfscon "proc" "/vmstat" procfile_context)
+
+ (blockinherit .procfile.template))
diff --git a/src/sys/procfile/zoneinfoprocfile.cil b/src/sys/procfile/zoneinfoprocfile.cil
new file mode 100644
index 0000000..48cf543
--- /dev/null
+++ b/src/sys/procfile/zoneinfoprocfile.cil
@@ -0,0 +1,8 @@
+;; SPDX-FileCopyrightText: © 2023 Dominick Grift <dominick.grift@defensec.nl>
+;; SPDX-License-Identifier: Unlicense
+
+(block zoneinfo
+
+ (genfscon "proc" "/zoneinfo" procfile_context)
+
+ (blockinherit .procfile.template))