;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl>
;; SPDX-License-Identifier: Unlicense

(handleunknown allow)
(mls true)

;; disable for now
;(policycap "always_check_network")
(policycap "cgroup_seclabel")
(policycap "extended_socket_class")
(policycap "genfs_seclabel_symlinks")
(policycap "network_peer_controls")
(policycap "nnp_nosuid_transition")
(policycap "open_perms")
(policycap "ioctl_skip_cloexec")
(policycap "userspace_initial_context")

;; (policycap "netlink_xperm") ;; Requires Linux 6.13/SELinux 3.8