The software described in this documentation is either in Extended Support or Sustaining Support. See https://www.oracle.com/us/support/library/enterprise-linux-support-policies-069172.pdf for more information.
Oracle recommends that you upgrade the software described by this documentation as soon as possible.
Applies access controls to multiple levels of processes with
each level having different rules for user access. Users
cannot obtain access to information if they do not have the
correct authorization to run a process at a specific level. In
SELinux, MLS implements the Bell–LaPadula (BLP) model for
system security, which applies labels to files, processes and
other system objects to control the flow of information
between security levels. In a typical implementation, the
labels for security levels might range from the most secure,
top secret
, through
secret
, and classified
,
to the least secure, unclassified
. For
example, under MLS, you might configure a program labelled
secret
to be able to write to a file that
is labelled top secret
, but not to be able
to read from it. Similarly, you would permit the same program
to read from and write to a file labelled
secret
, but only to read
classified
or
unclassified
files. As a result,
information that passes through the program can flow upwards
through the hierarchy of security levels, but not downwards.
You must install the selinux-policy-mls
package if you want to be able to apply the MLS policy.