SELinux/MCS

= Multi Category System - MCS = MCS is a policy that is based around a number of categories. Currently in Fedora it's an advisory policy which users can override at a whim. We intend to make it a discretionary policy and may at some future time add mandatory elements to it.

The core of MCS is a set of 256 categories that may be assigned to each process. A process must have a category set which is a superset of the categories assigned to a file if it is to access that file. Currently MCS only controls access to regular files and some IPC (signals and ptrace).

MCS uses the same kernel code and application interfaces as the MLS Policy. MCS will be significantly more popular than MLS and thus will make a good test-bed for the MLS kernel functionality as well as making it easier and more desirable for application vendors to provide support.

= Links =
 * James Morris first blog entry describing MCS
 * Later blog entry from James giving more detail on MCS including how to use it
 * James post to the SE Linux list defending MCS