NAME¶
mcs - Multi-Category System
DESCRIPTION¶
MCS (Multiple Category System) allows users to label files on their system
within administrator defined categories. It then uses SELinux Mandatory Access
Control to protect those files. MCS is a discretionary model to allow users to
mark their data with additional tags that further restrict access. The only
mandatory aspect is authorizing users for categories by defining their
clearance in policy. However, MCS is similar to MLS and exercises the same
code paths and share the same support infrastructure. They just differ in
their specific configuration.
The
/etc/selinux/{SELINUXTYPE}/setrans.conf configuration file translates the
labels on disk to human readable form. Administrators can define any
labels they want in this file. Certain applications like printing and auditing
will use these labels to identify the files. By setting a category on a file
you will prevent other applications/services from having access to the files.
Examples of file labels would be PatientRecord, CompanyConfidential etc.
SEE ALSO¶
selinux(8),
chcon(1)
FILES¶
/etc/selinux/{SELINUXTYPE}/setrans.conf