Multi-Category Security (MCS) is an enhancement to SELinux that allows users to label files with categories. These categories are used to further constrain Discretionary Access Control (DAC) and Type Enforcement (TE) logic. They may also be used when displaying or printing files. An example of a category is "Company_Confidential". Only users with access to this category can access files labeled with the category, assuming the existing DAC and TE rules also permit access.
The term categories refers to the same non-hierarchical categories used by Multi-Level Security (MLS). Under MLS, objects and subjects are labeled with Security Levels. These Security Levels consist of a hierarchical sensitivity value (such as "Top Secret") and zero or more non-hierarchical categories (such as "Crypto"). Categories provide compartments within sensitivity levels and enforce the need-to-know security principle. Refer to Section 49.6, “Multi-Level Security (MLS)” for more information about Multi-Level Security.
49.4.1. What is Multi-Category Security?
Multi-Category Security (MCS) is an adaptation of MLS. From a technical point of view, MCS is a policy change, combined with a few userland modifications to hide some of the unneeded MLS technology. Some kernel changes were also made, but only relating to making it easy to upgrade to MCS (or MLS) without invoking a full file system relabel.
The hope is to improve the quality of the system as a whole, reduce costs, leverage the open source process, increase transparency, and make the technology base useful to more than a small group of extremely special-case users.
49.4.2. Applications for Multi-Category Security
Beyond access control, MCS could be used to display the MCS categories at the top and bottom of printed pages. This may also include a cover sheet to indicate document handling procedures. It should also be possible to integrate MCS with future developments in SELinux, such as Security Enhanced X. Integration with a directory server will also make MCS support for email easier. This could involve users manually labeling outgoing emails, or attaching suitably labeled files. The email client can then determine whether the recipients are known to be cleared to access the categories associated with the emails.
49.4.3. SELinux Security Contexts
SELinux stores security contexts as an extended attribute of a file. The "security." namespace is used for security modules, and the security.selinux name is used to persistently store SELinux security labels on files. The contents of this attribute will vary depending on the file or directory you inspect and the policy the machine is enforcing. This is expected to change in the 2.6.15 kernel (and already has in the latest -mm kernels), so that getxattr(2) always returns the kernel's canonicalized version of the label.
You can use the ls -Z command to view the category label of a file:
ls -Z gravityControl.txt
-rw-r--r-- user user user_u:object_r:tmp_t:Moonbase_Plans gravityControl.txt
You can use the getfattr(1) command to view the internal category value (c10):
getfattr -n security.selinux gravityControl.txt
# file: gravityControl.txt
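The label fields shown by ls -Z and getfattr above, together with the need-to-know rule from the introduction (a user can only reach a file whose categories are all within the user's own), worked through as an added example that is not code from the Red Hat guide. It parses a raw security.selinux value (the getfattr form or the bare label), expands MLS/MCS category lists and ranges such as c0.c1023, and models the access check with the dominance relation between levels. The sample labels are constructed, the c10 to Moonbase_Plans table is a stand-in for the translations a real system takes from its policy's setrans.conf, and treating a label with no level field as s0 is an assumption made here; on a real system the check itself is performed by the kernel from the policy's constraints, with DAC and type enforcement applied as well.

```python
"""Parse SELinux security labels and model the MCS category check.

Added illustration; not code from the Red Hat guide. All sample labels
below are constructed, and the c10 -> Moonbase_Plans translation mirrors
the page's ls -Z output (a real system takes it from setrans.conf).
"""
import re
from dataclasses import dataclass

CAT_RE = re.compile(r"^c(\d+)(?:\.c(\d+))?$")
SENS_RE = re.compile(r"^s(\d+)$")

# Constructed translation table: category set -> display name.
TRANSLATIONS = {frozenset({10}): "Moonbase_Plans"}


@dataclass(frozen=True)
class Level:
    sensitivity: int
    categories: frozenset

    def dominates(self, other):
        """MLS/MCS dominance: sensitivity >= and categories a superset."""
        return (self.sensitivity >= other.sensitivity
                and other.categories <= self.categories)


@dataclass(frozen=True)
class Context:
    user: str
    role: str
    type: str
    low: Level   # current (or object) level
    high: Level  # clearance; equals low for a single-level label


def parse_categories(spec):
    """Expand a category list such as 'c0.c3,c10' into {0, 1, 2, 3, 10}."""
    cats = set()
    for part in filter(None, spec.split(",")):
        m = CAT_RE.match(part)
        if not m:
            raise ValueError(f"bad category spec: {part!r}")
        lo = int(m.group(1))
        hi = int(m.group(2)) if m.group(2) else lo
        if hi < lo:
            raise ValueError(f"descending range: {part!r}")
        cats.update(range(lo, hi + 1))
    return frozenset(cats)


def parse_level(spec):
    """'s0:c10' -> Level(0, {10}); 's2' -> Level(2, {})."""
    sens, _, cats = spec.partition(":")
    m = SENS_RE.match(sens)
    if not m:
        raise ValueError(f"bad sensitivity: {sens!r}")
    return Level(int(m.group(1)), parse_categories(cats))


def parse_context(raw):
    """Parse a raw security.selinux value (getfattr form or bare label).

    Strips the trailing NUL older kernels store on disk. A label with no
    level field is treated as s0 (an assumption made here, not policy).
    """
    if "=" in raw:
        raw = raw.split("=", 1)[1]
    label = raw.strip().strip('"').rstrip("\x00")
    parts = label.split(":", 3)
    if len(parts) < 3:
        raise ValueError(f"not a user:role:type label: {label!r}")
    user, role, typ = parts[:3]
    rng = parts[3] if len(parts) == 4 else "s0"
    low_s, _, high_s = rng.partition("-")
    low = parse_level(low_s)
    high = parse_level(high_s) if high_s else low
    return Context(user, role, typ, low, high)


def display_level(level):
    """Render a level the way ls -Z shows it once translated."""
    name = TRANSLATIONS.get(level.categories)
    if name:
        return name
    cats = ",".join(f"c{c}" for c in sorted(level.categories))
    return f"s{level.sensitivity}" + (f":{cats}" if cats else "")


def mcs_allows_read(subject, obj):
    """Need-to-know check: the subject's clearance must dominate the file's
    level, so every category on the file is in the subject's own set.
    DAC and type enforcement are separate checks that must also pass."""
    return subject.high.dominates(obj.low)


if __name__ == "__main__":
    # Constructed getfattr output for the page's gravityControl.txt example.
    file_ctx = parse_context('security.selinux="user_u:object_r:tmp_t:s0:c10"')
    cleared = parse_context("user_u:user_r:user_t:s0-s0:c10,c20")
    uncleared = parse_context("user_u:user_r:user_t:s0")
    print("file level:", display_level(file_ctx.low))
    for name, subj in (("cleared", cleared), ("uncleared", uncleared)):
        verdict = "allowed" if mcs_allows_read(subj, file_ctx) else "denied"
        print(f"{name}: {verdict}")
```

The raw xattr carries the internal form s0:c10; the Moonbase_Plans name only appears once the level is translated, which is why ls -Z and getfattr show different strings for the same file.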