Enabling the mcstrans Service

The mcstrans service automatically translates MCS category and MLS sensitivity values against a map of human-readable text labels that are defined as editable configuration entries. If you're using a targeted policy, the configuration file is in /etc/selinux/targeted/setrans.conf. If you're using an mls policy, the configuration file is in /etc/selinux/mls/setrans.conf or as individual configuration files within /etc/selinux/mls/setrans.d.

The mcstrans service can make it easier for users to make sense of category and sensitivity values returned by the system for different SELinux outputs and can make it easier to set appropriate values when defining security contexts. See the setrans.conf(8) and mcstransd(8) manual pages for more information.

To install and enable the mcstrans service, run:

sudo dnf install -y mcstrans
sudo enable --now mcstrans

If you update any of the setrans.conf files to create custom mappings, you must restart the mcstrans service:

sudo systemctl restart mcstrans

You can verify that translations are applied by running:

chcat -L

The command returns a list of the current mappings applied by the mcstrans service.