Layer: kernel

Module: mcs

Description:

Multicategory security policy

This module is required to be included in all policies.

Interfaces:

mcs_constrained(
	
		domain
		
	)

Summary

Constrain by category access control (MCS).

Description

Constrain the specified type by category based access control (MCS) This prevents this domain from interacting with subjects and operating on objects that it otherwise would be able to interact with or operate on respectively.

Parameters

Parameter:	Description:
domain	Type to be constrained by MCS.

mcs_file_read_all(
	
		domain
		
	)

Summary

This domain is allowed to read files and directories regardless of their MCS category set.

Parameters

Parameter:	Description:
domain	Domain target for user exemption.

mcs_file_write_all(
	
		domain
		
	)

Summary

This domain is allowed to write files and directories regardless of their MCS category set.

Parameters

Parameter:	Description:
domain	Domain target for user exemption.

mcs_killall(
	
		domain
		
	)

Summary

This domain is allowed to sigkill and sigstop all domains regardless of their MCS category set.

Parameters

Parameter:	Description:
domain	Domain target for user exemption.

mcs_process_set_categories(
	
		domain
		
	)

Summary

Make specified domain MCS trusted for setting any category set for the processes it executes.

Parameters

Parameter:	Description:
domain	Domain target for user exemption.

mcs_ptrace_all(
	
		domain
		
	)

Summary

This domain is allowed to ptrace all domains regardless of their MCS category set.

Parameters

Parameter:	Description:
domain	Domain target for user exemption.

Return