Man Linux: Main Page and Category List


       mcs - Multi-Category System


       MCS  (Multiple  Category  System)  allows users to label files on their
       system within administrator defined categories.  It then  uses  SELinux
       Mandatory   Access   Control   to  protect  those  files.    MCS  is  a
       discretionary model to allow users to mark their data  with  additional
       tags  that  further  restrict  access.   The  only  mandatory aspect is
       authorizing users for categories by defining their clearance in policy.
       However,  MCS  is  similar to MLS and exercises the same code paths and
       share the same support  infrastructure.   They  just  differ  in  their
       specific configuration.

       The    /etc/selinux/{SELINUXTYPE}/setrans.conf    configuration    file
       translates the labels on disk to human readable form.    Administrators
       can  define  any  labels  they want in this file.  Certain applications
       like printing and auditing will use these labels to identify the files.
       By   setting   a   category   on   a   file   you  will  prevent  other
       applications/services from having access to the files.

       Examples of file lables  would  be  PatientRecord,  CompanyConfidential


       selinux(8), chcon(1)