## Multicategory security policy ## ## Contains attributes used in MCS policy. ## ######################################## ## ## Constrain by category access control (MCS). ## ## ##

## Constrain the specified type by category based ## access control (MCS) This prevents this domain from ## interacting with subjects and operating on objects ## that it otherwise would be able to interact ## with or operate on respectively. ##

##
## ## ## Type to be constrained by MCS. ## ## ## # interface(`mcs_constrained',` gen_require(` attribute mcs_constrained_type; ') typeattribute $1 mcs_constrained_type; ') ######################################## ## ## This domain is allowed to read files and directories ## regardless of their MCS category set. ## ## ## ## Domain target for user exemption. ## ## ## # interface(`mcs_file_read_all',` gen_require(` attribute mcsreadall; ') typeattribute $1 mcsreadall; ') ######################################## ## ## This domain is allowed to write files and directories ## regardless of their MCS category set. ## ## ## ## Domain target for user exemption. ## ## ## # interface(`mcs_file_write_all',` gen_require(` attribute mcswriteall; ') typeattribute $1 mcswriteall; ') ######################################## ## ## This domain is allowed to sigkill and sigstop ## all domains regardless of their MCS category set. ## ## ## ## Domain target for user exemption. ## ## ## # interface(`mcs_killall',` gen_require(` attribute mcskillall; ') typeattribute $1 mcskillall; ') ######################################## ## ## This domain is allowed to ptrace ## all domains regardless of their MCS ## category set. ## ## ## ## Domain target for user exemption. ## ## # interface(`mcs_ptrace_all',` gen_require(` attribute mcsptraceall; ') typeattribute $1 mcsptraceall; ') ######################################## ## ## Make specified domain MCS trusted ## for setting any category set for ## the processes it executes. ## ## ## ## Domain target for user exemption. ## ## # interface(`mcs_process_set_categories',` gen_require(` attribute mcssetcats; ') typeattribute $1 mcssetcats; ')