2010-07-21 19:40:00 +00:00
|
|
|
.TH "mcs" "8" "8 Sep 2005" "dwalsh@redhat.com" "mcs documentation"
|
|
|
|
|
|
|
|
.SH "NAME"
|
|
|
|
mcs \- Multi-Category System
|
|
|
|
|
|
|
|
.SH "DESCRIPTION"
|
|
|
|
MCS (Multiple Category System) allows users to label files on their
|
|
|
|
system within administrator defined categories. It then uses SELinux
|
|
|
|
Mandatory Access Control to protect those files. MCS is a discretionary
|
|
|
|
model to allow users to mark their data with additional tags that further
|
|
|
|
restrict access. The only mandatory aspect is authorizing users for
|
|
|
|
categories by defining their clearance in policy. However, MCS is similar
|
|
|
|
to MLS and exercises the same code paths and share the same support
|
|
|
|
infrastructure. They just differ in their specific configuration.
|
|
|
|
|
|
|
|
|
|
|
|
The
|
|
|
|
.I /etc/selinux/{SELINUXTYPE}/setrans.conf configuration file translates the labels on disk to human
|
|
|
|
readable form. Administrators can define any labels they want in this file.
|
|
|
|
Certain applications like printing and auditing will use these labels to
|
|
|
|
identify the files. By setting a category on a file you will prevent
|
|
|
|
other applications/services from having access to the files.
|
2013-05-10 12:45:21 +00:00
|
|
|
.P
|
2010-10-27 20:50:00 +00:00
|
|
|
Examples of file labels would be PatientRecord, CompanyConfidential etc.
|
2010-07-21 19:40:00 +00:00
|
|
|
|
|
|
|
.SH "SEE ALSO"
|
|
|
|
selinux(8), chcon(1)
|
|
|
|
|
|
|
|
.SH FILES
|
|
|
|
/etc/selinux/{SELINUXTYPE}/setrans.conf
|