1mcs(8)                         mcs documentation                        mcs(8)
2
3
4

NAME

6       mcs - Multi-Category System
7
8

DESCRIPTION

10       MCS  (Multiple  Category  System)  allows users to label files on their
11       system within administrator defined categories.  It then  uses  SELinux
12       Mandatory  Access  Control  to  protect those files.   MCS is a discre‐
13       tionary model to allow users to mark their data  with  additional  tags
14       that further restrict access.  The only mandatory aspect is authorizing
15       users for categories by defining their clearance in  policy.   However,
16       MCS  is  similar to MLS and exercises the same code paths and share the
17       same support infrastructure.  They just differ in their  specific  con‐
18       figuration.
19
20
21       The  /etc/selinux/{SELINUXTYPE}/setrans.conf  configuration file trans‐
22       lates the labels on disk to human readable form.    Administrators  can
23       define  any  labels  they want in this file.  Certain applications like
24       printing and auditing will use these labels to identify the files.   By
25       setting  a  category on a file you will prevent other applications/ser‐
26       vices from having access to the files.  Examples of file  labels  would
27       be PatientRecord, CompanyConfidential etc.
28
29

SEE ALSO

31       selinux(8), chcon(1)
32
33

FILES

35       /etc/selinux/{SELINUXTYPE}/setrans.conf
36
37
38
39dwalsh@redhat.com                 8 Sep 2005                            mcs(8)
Impressum