From 0b8b8426aa673d8b68ee6047b9783276c7d60e31 Mon Sep 17 00:00:00 2001
From: Dominick Grift
Date: Mon, 26 Aug 2024 07:48:44 +0200
Subject: support userspace_initial_context
---
 src/misc/conf.cil | 1 +
 src/misc/isid.cil | 2 +-
 src/sys.cil | 1 +
 3 files changed, 3 insertions(+), 1 deletion(-)
(limited to 'src')
diff --git a/src/misc/conf.cil b/src/misc/conf.cil
index bf95ef0..a9211fc 100644
--- a/src/misc/conf.cil
+++ b/src/misc/conf.cil
@@ -12,3 +12,4 @@
 (policycap "nnp_nosuid_transition")
 (policycap "open_perms")
 (policycap "ioctl_skip_cloexec")
+(policycap "userspace_initial_context")
diff --git a/src/misc/isid.cil b/src/misc/isid.cil
index 75f8bd7..fd57c17 100644
--- a/src/misc/isid.cil
+++ b/src/misc/isid.cil
@@ -3,6 +3,7 @@
 (sid devnull)
 (sid file)
+(sid init)
 (sid kernel)
 (sid netif)
 (sid netmsg)
@@ -16,7 +17,6 @@
 (sid fs)
 (sid icmp_socket)
 (sid igmp_packet)
-(sid init)
 (sid kmod)
 (sid policy)
 (sid scmp_packet)
diff --git a/src/sys.cil b/src/sys.cil
index fed73dc..61dec20 100644
--- a/src/sys.cil
+++ b/src/sys.cil
@@ -1,6 +1,7 @@
 ;; SPDX-FileCopyrightText: © 2024 Dominick Grift
 ;; SPDX-License-Identifier: Unlicense
+(sidcontext init (sys.id sys.role sys.subj lowlevelrange)) ;; userspace_initial_context
 (sidcontext kernel (sys.id sys.role sys.subj lowlevelrange))
 (block sys
-- 
cgit v1.2.3
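Review bot: The added `policycap` line in src/misc/conf.cil has no comment saying what it changes, and it is only meaningful together with the `sidcontext init` statement this commit adds in src/sys.cil. A comment such as `;; early userspace gets the init isid instead of kernel; requires (sidcontext init ...)` would keep the two from drifting apart. Whether the toolchain that builds this policy rejects capability names it does not know is worth checking before the line reaches older build hosts; nothing in the hunk states a minimum version.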
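Review bot: Both hunks in src/misc/isid.cil move `(sid init)` from the second group of declarations into the first, but the visible lines do not say what distinguishes the two groups. The first group appears to hold the initial SIDs that are in use and the second the unused ones, so a heading comment on each, e.g. `;; isids in use` and `;; unused isids`, would make the intent of the move readable. In CIL the numeric order comes from the `sidorder` statement rather than from these declarations; it is not part of this diff, so confirm that `init` sits in the slot the kernel expects.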
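Review bot: The new `sidcontext init` line in src/sys.cil gives the init initial SID exactly the context that the following line gives `kernel`, so enabling the capability does not yet separate early userspace from kernel threads in policy. As far as I know, that separation is the reason the capability exists: with it set, tasks that exec before the first policy load carry the init SID rather than the kernel one. If sharing the context is a deliberate first step, the trailing comment should say so, for example `;; userspace_initial_context: pre-policy-load userspace; shares the kernel context for now`. A dedicated subject type with a narrower rule set would be the least-privilege follow-up; the rules attached to `sys.subj` are outside this hunk, so how broad the shared context is cannot be judged here.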