-rw-r--r-- | src/misc/conf.cil | 1 | ||||
-rw-r--r-- | src/misc/isid.cil | 2 | ||||
-rw-r--r-- | src/sys.cil | 1 |
3 files changed, 3 insertions, 1 deletions
diff --git a/src/misc/conf.cil b/src/misc/conf.cil
index bf95ef0..a9211fc 100644
--- a/src/misc/conf.cil
+++ b/src/misc/conf.cil
@@ -12,3 +12,4 @@
 (policycap "nnp_nosuid_transition")
 (policycap "open_perms")
 (policycap "ioctl_skip_cloexec")
+(policycap "userspace_initial_context")
diff --git a/src/misc/isid.cil b/src/misc/isid.cil
index 75f8bd7..fd57c17 100644
--- a/src/misc/isid.cil
+++ b/src/misc/isid.cil
@@ -3,6 +3,7 @@
 (sid devnull)
 (sid file)
+(sid init)
 (sid kernel)
 (sid netif)
 (sid netmsg)
@@ -16,7 +17,6 @@
 (sid fs)
 (sid icmp_socket)
 (sid igmp_packet)
-(sid init)
 (sid kmod)
 (sid policy)
 (sid scmp_packet)
diff --git a/src/sys.cil b/src/sys.cil
index fed73dc..61dec20 100644
--- a/src/sys.cil
+++ b/src/sys.cil
@@ -1,6 +1,7 @@
 ;; SPDX-FileCopyrightText: © 2024 Dominick Grift <dominick.grift@defensec.nl>
 ;; SPDX-License-Identifier: Unlicense
+(sidcontext init (sys.id sys.role sys.subj lowlevelrange)) ;; userspace_initial_context
 (sidcontext kernel (sys.id sys.role sys.subj lowlevelrange))
 (block sys |
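Review bot: The added `(sidcontext init (sys.id sys.role sys.subj lowlevelrange))` in src/sys.cil gives the init initial SID exactly the same context as the `kernel` SID on the line below it. As I understand the `userspace_initial_context` capability enabled in src/misc/conf.cil, it exists so that userspace tasks started before policy load can be labelled separately from kernel threads; with identical contexts, policy still cannot tell the two apart. If sharing the context is a deliberate compatibility step, the trailing comment should say so, for example `;; init isid: userspace started before policy load (policycap userspace_initial_context); shares the kernel context for now`. Otherwise a dedicated, less privileged type for this SID would keep rules granted to the kernel context from also applying to early userspace that is still running after the policy loads. What `sys.subj` is allowed is not visible here, and the `(block sys` definition continues outside the hunk.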