SELinux/MCS

From FedoraProject

< SELinux
Revision as of 14:13, 24 May 2008 by ImportUser (Talk)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Multi Category System - MCS

MCS is a policy that is based around a number of categories. Currently in Fedora it's an advisory policy which users can override at a whim. We intend to make it a discretionary policy and may at some future time add mandatory elements to it.

The core of MCS is a set of 256 categories that may be assigned to each process. A process must have a category set which is a superset of the categories assigned to a file if it is to access that file. Currently MCS only controls access to regular files and some IPC (signals and ptrace).

MCS uses the same kernel code and application interfaces as the MLS Policy . MCS will be significantly more popular than MLS and thus will make a good test-bed for the MLS kernel functionality as well as making it easier and more desirable for application vendors to provide support.

Links