многокатегорийная система (Multi-Category System)
Имя (Name)
mcs - Multi-Category System
Описание (Description)
MCS (Multiple Category System) allows users to label files on
their system within administrator defined categories. It then
uses SELinux Mandatory Access Control to protect those files.
MCS is a discretionary model to allow users to mark their data
with additional tags that further restrict access. The only
mandatory aspect is authorizing users for categories by defining
their clearance in policy. However, MCS is similar to MLS and
exercises the same code paths and share the same support
infrastructure. They just differ in their specific
configuration.
The /etc/selinux/{SELINUXTYPE}/setrans.conf configuration file
translates the labels on disk to human readable form.
Administrators can define any labels they want in this file.
Certain applications like printing and auditing will use these
labels to identify the files. By setting a category on a file
you will prevent other applications/services from having access
to the files.
Examples of file labels would be PatientRecord,
CompanyConfidential etc.
Смотри также (See also)
selinux(8), chcon(1)
Файлы (Files)
/etc/selinux/{SELINUXTYPE}/setrans.conf
