1mcs(8) mcs documentation mcs(8)
2
3
4
6 mcs - Multi-Category System
7
8
10 MCS (Multiple Category System) allows users to label files on their
11 system within administrator defined categories. It then uses SELinux
12 Mandatory Access Control to protect those files. MCS is a discre‐
13 tionary model to allow users to mark their data with additional tags
14 that further restrict access. The only mandatory aspect is authorizing
15 users for categories by defining their clearance in policy. However,
16 MCS is similar to MLS and exercises the same code paths and share the
17 same support infrastructure. They just differ in their specific con‐
18 figuration.
19
20
21 The /etc/selinux/{SELINUXTYPE}/setrans.conf configuration file trans‐
22 lates the labels on disk to human readable form. Administrators can
23 define any labels they want in this file. Certain applications like
24 printing and auditing will use these labels to identify the files. By
25 setting a category on a file you will prevent other applications/ser‐
26 vices from having access to the files.
27
28 Examples of file labels would be PatientRecord, CompanyConfidential
29 etc.
30
31
33 selinux(8), chcon(1)
34
35
37 /etc/selinux/{SELINUXTYPE}/setrans.conf
38
39
40
41dwalsh@redhat.com 8 Sep 2005 mcs(8)