mirror of
https://github.com/SELinuxProject/selinux
synced 2025-01-08 06:30:01 +00:00
7e0f012474
The majority of the patch is just handling the case of memory allocation failures and making sure things get cleaned up correctly in those cases. This also moves duplicate code in parse_ebitmap() and parse_raw() into parse_category(), and also updates the parse function to ensure the config files are in the correct format. Signed-off-by: Steve Lawrence <slawrence@tresys.com>
31 lines
1.2 KiB
Groff
31 lines
1.2 KiB
Groff
.TH "mcs" "8" "8 Sep 2005" "dwalsh@redhat.com" "mcs documentation"
|
|
|
|
.SH "NAME"
|
|
mcs \- Multi-Category System
|
|
|
|
.SH "DESCRIPTION"
|
|
MCS (Multiple Category System) allows users to label files on their
|
|
system within administrator defined categories. It then uses SELinux
|
|
Mandatory Access Control to protect those files. MCS is a discretionary
|
|
model to allow users to mark their data with additional tags that further
|
|
restrict access. The only mandatory aspect is authorizing users for
|
|
categories by defining their clearance in policy. However, MCS is similar
|
|
to MLS and exercises the same code paths and share the same support
|
|
infrastructure. They just differ in their specific configuration.
|
|
|
|
|
|
The
|
|
.I /etc/selinux/{SELINUXTYPE}/setrans.conf configuration file translates the labels on disk to human
|
|
readable form. Administrators can define any labels they want in this file.
|
|
Certain applications like printing and auditing will use these labels to
|
|
identify the files. By setting a category on a file you will prevent
|
|
other applications/services from having access to the files.
|
|
.p
|
|
Examples of file labels would be PatientRecord, CompanyConfidential etc.
|
|
|
|
.SH "SEE ALSO"
|
|
selinux(8), chcon(1)
|
|
|
|
.SH FILES
|
|
/etc/selinux/{SELINUXTYPE}/setrans.conf
|