mcs - Man Page

Multi-Category System

Description

MCS (Multiple Category System) allows users to label files on their system within administrator-defined categories. It then uses SELinux Mandatory Access Control to protect those files. MCS is a discretionary model that allows users to mark their data with additional tags that further restrict access. The only mandatory aspect is authorizing users for categories by defining their clearance in policy. However, MCS is similar to MLS: it exercises the same code paths and shares the same support infrastructure. They differ only in their specific configuration.

The /etc/selinux/{SELINUXTYPE}/setrans.conf configuration file translates the labels on disk to human-readable form. Administrators can define any labels they want in this file. Certain applications, like printing and auditing, will use these labels to identify the files. By setting a category on a file you will prevent other applications/services from having access to the files.

Examples of file labels would be PatientRecord, CompanyConfidential, etc.
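The following is an added example, not part of the original man page or of the SELinux tools: a small Python model of how raw=translated lines in setrans.conf map category labels to names, and of how a clearance restricts access to a categorized file. The sample file contents, the function names and the "clearance categories must include the file's categories" rule are assumptions made for illustration; real enforcement is done by the kernel according to the loaded policy.

```python
import re

# Constructed sample in the basic raw=translated form; not from a real system.
SAMPLE_SETRANS = """\
# category labels (constructed for this example)
s0:c0=CompanyConfidential
s0:c1=PatientRecord
s0-s0:c0.c1023=SystemLow-SystemHigh
"""

def parse_setrans(text):
    """Return {raw_label: translated_name} for simple raw=translated lines."""
    table = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blanks
        if "=" not in line:
            continue
        raw, name = line.split("=", 1)
        table[raw.strip()] = name.strip()
    return table

def categories(label):
    """Expand the categories of a level or range (high level is used).

    's0:c0,c3.c5' -> {0, 3, 4, 5}; 's0-s0:c0.c1023' -> {0, ..., 1023}.
    """
    high = label.rsplit("-", 1)[-1]            # clearance is the high level
    _, _, cats = high.partition(":")
    result = set()
    for part in filter(None, cats.split(",")):
        m = re.fullmatch(r"c(\d+)(?:\.c(\d+))?", part.strip())
        if not m:
            raise ValueError(f"bad category spec: {part!r}")
        lo = int(m.group(1))
        hi = int(m.group(2)) if m.group(2) else lo
        result.update(range(lo, hi + 1))
    return result

def translate(label, table):
    """Human-readable form if the table defines one, else the raw label."""
    return table.get(label, label)

def may_access(clearance, file_label):
    """Simplified model: the clearance must include every file category."""
    return categories(file_label) <= categories(clearance)

if __name__ == "__main__":
    table = parse_setrans(SAMPLE_SETRANS)
    for user in ("s0:c0", "s0-s0:c0.c1023"):
        print(user, "->", translate("s0:c1", table), may_access(user, "s0:c1"))
```

In this model a process cleared only for c0 is denied a file labeled s0:c1, while an uncategorized file (s0) remains subject only to the ordinary type enforcement and permission checks.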

See Also

selinux(8), chcon(1)

Files

/etc/selinux/{SELINUXTYPE}/setrans.conf

Referenced By

mcstransd(8), setrans.conf(5).

8 Sep 2005 dwalsh@redhat.com mcs documentation