<html> <head> <title> Security Enhanced Linux Reference Policy </title> <style type="text/css" media="all">@import "style.css";</style> </head> <body> <div id="Header">Security Enhanced Linux Reference Policy</div> <div id='Menu'> <a href="admin.html">+ admin</a></br/> <div id='subitem'> </div> <a href="apps.html">+ apps</a></br/> <div id='subitem'> </div> <a href="contrib.html">+ contrib</a></br/> <div id='subitem'> </div> <a href="kernel.html">+ kernel</a></br/> <div id='subitem'> - <a href='kernel_corecommands.html'> corecommands</a><br/> - <a href='kernel_corenetwork.html'> corenetwork</a><br/> - <a href='kernel_devices.html'> devices</a><br/> - <a href='kernel_domain.html'> domain</a><br/> - <a href='kernel_files.html'> files</a><br/> - <a href='kernel_filesystem.html'> filesystem</a><br/> - <a href='kernel_kernel.html'> kernel</a><br/> - <a href='kernel_mcs.html'> mcs</a><br/> - <a href='kernel_mls.html'> mls</a><br/> - <a href='kernel_selinux.html'> selinux</a><br/> - <a href='kernel_storage.html'> storage</a><br/> - <a href='kernel_terminal.html'> terminal</a><br/> - <a href='kernel_ubac.html'> ubac</a><br/> - <a href='kernel_unlabelednet.html'> unlabelednet</a><br/> </div> <a href="roles.html">+ roles</a></br/> <div id='subitem'> </div> <a href="services.html">+ services</a></br/> <div id='subitem'> </div> <a href="system.html">+ system</a></br/> <div id='subitem'> </div> <br/><p/> <a href="global_booleans.html">* Global Booleans </a> <br/><p/> <a href="global_tunables.html">* Global Tunables </a> <p/><br/><p/> <a href="index.html">* Layer Index</a> <br/><p/> <a href="booleans.html">* Boolean Index</a> <br/><p/> <a href="tunables.html">* Tunable Index</a> <br/><p/> <a href="interfaces.html">* Interface Index</a> <br/><p/> <a href="templates.html">* Template Index</a> </div> <div id="Content"> <a name="top":></a> <h1>Layer: kernel</h1><p/> <h2>Module: mcs</h2><p/> <a href=#interfaces>Interfaces</a> <h3>Description:</h3> <p><p>Multicategory security policy</p></p> <p>This module is required to be included in all policies.</p> <hr> <a name="interfaces"></a> <h3>Interfaces: </h3> <a name="link_mcs_constrained"></a> <div id="interface"> <div id="codeblock"> <b>mcs_constrained</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Constrain by category access control (MCS). </p> <h5>Description</h5> <p> </p><p> Constrain the specified type by category based access control (MCS) This prevents this domain from interacting with subjects and operating on objects that it otherwise would be able to interact with or operate on respectively. </p><p> </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Type to be constrained by MCS. </p> </td></tr> </table> </div> </div> <a name="link_mcs_file_read_all"></a> <div id="interface"> <div id="codeblock"> <b>mcs_file_read_all</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> This domain is allowed to read files and directories regardless of their MCS category set. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain target for user exemption. </p> </td></tr> </table> </div> </div> <a name="link_mcs_file_write_all"></a> <div id="interface"> <div id="codeblock"> <b>mcs_file_write_all</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> This domain is allowed to write files and directories regardless of their MCS category set. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain target for user exemption. </p> </td></tr> </table> </div> </div> <a name="link_mcs_killall"></a> <div id="interface"> <div id="codeblock"> <b>mcs_killall</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> This domain is allowed to sigkill and sigstop all domains regardless of their MCS category set. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain target for user exemption. </p> </td></tr> </table> </div> </div> <a name="link_mcs_process_set_categories"></a> <div id="interface"> <div id="codeblock"> <b>mcs_process_set_categories</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Make specified domain MCS trusted for setting any category set for the processes it executes. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain target for user exemption. </p> </td></tr> </table> </div> </div> <a name="link_mcs_ptrace_all"></a> <div id="interface"> <div id="codeblock"> <b>mcs_ptrace_all</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> This domain is allowed to ptrace all domains regardless of their MCS category set. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain target for user exemption. </p> </td></tr> </table> </div> </div> <a name="link_mcs_socket_write_all_levels"></a> <div id="interface"> <div id="codeblock"> <b>mcs_socket_write_all_levels</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Make specified domain MCS trusted for writing to sockets at any level. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a href=#top>Return</a> </div> </body> </html>