< SELinux
fp-wiki>ImportUser (Imported from MoinMoin) |
(added category SELinux) |
||
| (One intermediate revision by one other user not shown) | |||
| Line 10: | Line 10: | ||
* [http://james-morris.livejournal.com/8228.html Later blog entry from James giving more detail on MCS including how to use it] | * [http://james-morris.livejournal.com/8228.html Later blog entry from James giving more detail on MCS including how to use it] | ||
* [http://www.nsa.gov/selinux/list-archive/0507/12124.cfm James post to the SE Linux list defending MCS] | * [http://www.nsa.gov/selinux/list-archive/0507/12124.cfm James post to the SE Linux list defending MCS] | ||
[[Category:SELinux]] | |||
Latest revision as of 18:16, 15 August 2015
Multi Category System - MCS
MCS is a policy that is based around a number of categories. Currently in Fedora it's an advisory policy which users can override at a whim. We intend to make it a discretionary policy and may at some future time add mandatory elements to it.
The core of MCS is a set of 256 categories that may be assigned to each process. A process must have a category set which is a superset of the categories assigned to a file if it is to access that file. Currently MCS only controls access to regular files and some IPC (signals and ptrace).
MCS uses the same kernel code and application interfaces as the MLS Policy . MCS will be significantly more popular than MLS and thus will make a good test-bed for the MLS kernel functionality as well as making it easier and more desirable for application vendors to provide support.