Hi,

currently the target context of the security:setbool permission check is hardcoded to the security-initial-sid.[1][2]

Nowadays it is possible to label the boolean pseudo files via genfscon.

Is this by design, or has nobody yet made it possible to base the check on the actual file context? Or is the current access limitation to booleans via the file:write permission on the boolean pseudo-files sufficient?

[1]: https://github.com/torvalds/linux/blob/b1dba2473114588be3df916bf629a61bdcc83737/security/selinux/selinuxfs.c#L1234
[2]: https://github.com/torvalds/linux/blob/b1dba2473114588be3df916bf629a61bdcc83737/security/selinux/selinuxfs.c#L1290