5 Extending SELinux Policies with Multi-Category Security
Multi-Category Security (MCS) extends the SELinux targeted and Multi-Level Security (MLS) policies so you can assign category labels to processes and files. With MCS, files can be accessed only by processes or users that are assigned to the same categories that apply to the file. MCS is applied after all other security checks have been performed. Thus MCS is typically used to further restrict access. Category tags range from c0 to c1023, but you can define text labels for these category values to make them easier to work with. The mcstrans service can be used to translate between the category values and text labels when handling system inputs and outputs.

While MLS can be used to define different security levels or sensitivity for data, MCS can be used to group data for different purposes. For example, you might run the same service for several different projects on a system, and data within each project might have different levels of sensitivity. Users must only be granted access to data that meets their sensitivity clearance for a particular project. MCS enforces this restriction by associating a category tag with each project. The resulting security context of a file or process is a combination of SELinux user, SELinux role, SELinux type, MLS sensitivity level, and MCS category.
Table 5-1 Matrix to illustrate data sensitivity and category application
| Sensitivity | Category: Not specified | Category: Accountancy | Category: Marketing | Category: Development |
|---|---|---|---|---|
| Unclassified | s0 | s0:c0 | s0:c1 | s0:c2 |
| Internal | s1 | s1:c0 | s1:c1 | s1:c2 |
| Restricted | s2 | s2:c0 | s2:c1 | s2:c2 |
| Highly Restricted | s3 | s3:c0 | s3:c1 | s3:c2 |
In the example table, a highly privileged user in the accountancy department (c0) with a requirement to access highly restricted data (s3) might have the following security context defined:

user_u:user_r:user_t:s3:c0
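
The following added example (not part of the original documentation) parses security contexts in the form shown above and applies a simplified model of the sensitivity and category check: access is allowed when the process level is at least as sensitive as the file level and includes all of the file's categories. The file contexts are constructed sample values, and the check is an illustration of the rule described in this section, not the kernel's full constraint evaluation.

```python
import re

LEVEL_RE = re.compile(r"^s(\d+)(?::(.+))?$")

def parse_categories(text):
    """Expand 'c0,c3.c5' into {0, 3, 4, 5}; a dot denotes an inclusive range."""
    cats = set()
    for part in (text.split(",") if text else []):
        lo, _, hi = part.partition(".")
        hi = hi or lo
        lo_n, hi_n = int(lo[1:]), int(hi[1:])  # ValueError on malformed input
        if lo[0] != "c" or hi[0] != "c" or not 0 <= lo_n <= hi_n <= 1023:
            raise ValueError(f"bad category: {part!r}")
        cats.update(range(lo_n, hi_n + 1))
    return cats

def parse_level(text):
    """Return (sensitivity, category set) for one level such as 's3:c0'."""
    m = LEVEL_RE.match(text)
    if not m:
        raise ValueError(f"bad level: {text!r}")
    return int(m.group(1)), parse_categories(m.group(2))

def parse_context(context):
    """Split user:role:type:level; the level may be a 'low-high' range."""
    fields = context.split(":", 3)
    if len(fields) != 4:
        raise ValueError(f"expected user:role:type:level, got {context!r}")
    user, role, setype, level = fields
    low, _, high = level.partition("-")
    return {"user": user, "role": role, "type": setype,
            "low": parse_level(low), "high": parse_level(high or low)}

def dominates(a, b):
    """Level a dominates b: sensitivity at least as high, categories a superset."""
    return a[0] >= b[0] and a[1] >= b[1]

def may_access(process_ctx, file_ctx):
    """Simplified model: the process's high level must dominate the file's."""
    return dominates(parse_context(process_ctx)["high"],
                     parse_context(file_ctx)["high"])

# Process context from the section above; file contexts are constructed samples.
PROCESS = "user_u:user_r:user_t:s3:c0"
ACCOUNTS_FILE = "system_u:object_r:user_home_t:s2:c0"   # Restricted, Accountancy
MARKETING_FILE = "system_u:object_r:user_home_t:s3:c1"  # Highly Restricted, Marketing

if __name__ == "__main__":
    for f in (ACCOUNTS_FILE, MARKETING_FILE):
        print(f, "->", "allow" if may_access(PROCESS, f) else "deny")
```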