Layer: kernel

Module: mcs

Interfaces

Description:

Multicategory security policy

This module is required to be included in all policies.


Interfaces:

mcs_killall( domain )
Summary

This domain is allowed to sigkill and sigstop all domains regardless of their MCS category set.

Parameters
Parameter:Description:
domain

Domain target for user exemption.

mcs_process_set_categories( domain )
Summary

Make specified domain MCS trusted for setting any category set for the processes it executes.

Parameters
Parameter:Description:
domain

Domain target for user exemption.

mcs_process_set_low( domain )
Summary

Make specified domain MCS trusted for setting the low level of its range for the processes it executes, IE MCS will not be mandatory for it.

Parameters
Parameter:Description:
domain

Domain target for user exemption.

mcs_ptrace_all( domain )
Summary

This domain is allowed to ptrace all domains regardless of their MCS category set.

Parameters
Parameter:Description:
domain

Domain target for user exemption.

mcs_trusted_object( domain )
Summary

Make specified object MCS trusted.

Description

Make specified object MCS trusted. This allows all levels to read and write the object.

This currently only applies to filesystem objects, for example, files and directories.

Parameters
Parameter:Description:
domain

The type of the object.

Return