diff --git a/src/tools/genpolicy/genpolicy-settings.json b/src/tools/genpolicy/genpolicy-settings.json
index bc355fa5fa..4aef352a98 100644
--- a/src/tools/genpolicy/genpolicy-settings.json
+++ b/src/tools/genpolicy/genpolicy-settings.json
@@ -299,6 +299,7 @@
         "commands": [],
         "regex": []
     },
+    "CloseStdinRequest": false,
     "ReadStreamRequest": false,
     "WriteStreamRequest": false
 }
diff --git a/src/tools/genpolicy/rules.rego b/src/tools/genpolicy/rules.rego
index f5f616ced6..04ac97d45c 100644
--- a/src/tools/genpolicy/rules.rego
+++ b/src/tools/genpolicy/rules.rego
@@ -1143,6 +1143,10 @@ ExecProcessRequest {
     print("ExecProcessRequest 3: true")
 }
 
+CloseStdinRequest {
+    policy_data.request_defaults.CloseStdinRequest == true
+}
+
 ReadStreamRequest {
     policy_data.request_defaults.ReadStreamRequest == true
 }
diff --git a/src/tools/genpolicy/src/policy.rs b/src/tools/genpolicy/src/policy.rs
index 794c583d2e..56c79412fe 100644
--- a/src/tools/genpolicy/src/policy.rs
+++ b/src/tools/genpolicy/src/policy.rs
@@ -324,6 +324,9 @@ pub struct RequestDefaults {
     /// Commands allowed to be executed by the Host in all Guest containers.
     pub ExecProcessRequest: ExecProcessRequestDefaults,
 
+    /// Allow the Host to close stdin for a container. Typically used with WriteStreamRequest.
+    pub CloseStdinRequest: bool,
+
     /// Allow Host reading from Guest containers stdout and stderr.
     pub ReadStreamRequest: bool,
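Review bot: The new `CloseStdinRequest` rule in rules.rego is a single global switch: it only compares `policy_data.request_defaults.CloseStdinRequest` and never looks at `input`, so once a deployment sets it to true the Host may close stdin of any container process, not only those for which stdin writing was also permitted. The policy.rs doc comment says the flag is "Typically used with WriteStreamRequest", but nothing in the rule couples the two, which a policy author reading rules.rego alone will not see; I would state that explicitly in the rule, e.g. `# Global allow: not scoped to a container or exec id, and independent of WriteStreamRequest.` above `CloseStdinRequest {`. The shipped default of `false` in genpolicy-settings.json keeps the request denied, which is the right baseline; if the rule is ever scoped per container, the settings default should stay `false` so that existing policies are unaffected. The `RequestDefaults` struct in policy.rs continues beyond the end of this chunk.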