From 0e1cc1e01ec3a4d6c6be82bfa62ece2d96d1ee18 Mon Sep 17 00:00:00 2001
From: Chris PeBenito
Date: Thu, 2 Mar 2023 09:00:45 -0500
Subject: [PATCH] Define user_namespace object class.
Signed-off-by: Chris PeBenito
---
 policy/flask/access_vectors | 5 +++++
 policy/flask/security_classes | 2 ++
 2 files changed, 7 insertions(+)
diff --git a/policy/flask/access_vectors b/policy/flask/access_vectors
index 2219fb197..a22b11a7e 100644
--- a/policy/flask/access_vectors
+++ b/policy/flask/access_vectors
@@ -1072,3 +1072,8 @@ class io_uring
 override_creds
 sqpoll
 }
+
+class user_namespace
+{
+ create
+}
diff --git a/policy/flask/security_classes b/policy/flask/security_classes
index 636357899..f187c590f 100644
--- a/policy/flask/security_classes
+++ b/policy/flask/security_classes
@@ -203,4 +203,6 @@ class anon_inode
 class io_uring
+class user_namespace
+
 # FLASK
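Review bot: The `user_namespace` class and its `create` permission are defined in access_vectors with no accompanying allow rule; the diffstat shows only the two flask files changed. Once the policy defines the class, a kernel that implements the check will presumably deny user namespace creation for every confined domain until grants exist, so shipping this definition alone may break sandboxes and container runtimes that rely on user namespaces. I would land it together with the grants and keep them narrow, e.g. `allow <domain> self:user_namespace create;` only for domains known to need it rather than a blanket rule. It is also worth watching the audit log for `user_namespace` denials after rollout, since this permission is a useful control point for limiting kernel attack surface reachable through unprivileged namespaces.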
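Review bot: `class user_namespace` is declared in security_classes without a comment saying what the class mediates. The neighbouring `anon_inode` and `io_uring` entries visible in the hunk carry none either, but a one-line note helps a policy author who first meets the class in a denial message. I would add `# creation of user namespaces` on the line above the declaration.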