On Wed, 21 Mar 2018 11:07:20 +0100
Petr Lautrbach <plautrba(a)redhat.com> wrote:
On Wed, Mar 21, 2018 at 10:11:11AM +0100, Lukas Prediger wrote:
> More specifically, I have users
> john | mcsuser_u | s0-s0:c122
> jane | mcsuser_u | s0-s0:c123
>
> with
> mcsuser_u | MLS/MCS Level: s0 | MLS/MCS Range: s0-s0:c0.c1023 |
> SELinux Roles: user_r
>
MLS and MCS were originally intended for top-secret (TS/SCI) government
work at the NSA.
The MLS (Multi-Level Security) corresponds to the levels "s0-s15".
These were supposed to represent various levels of government security
classification, e.g. FOUO, Confidential, Secret, Top Secret.
The MCS (Multi-Category Security) was intended for "Sensitive
Compartmented Information" or "SCI". (Not my department -- I don't
need
to know -- that sort of thing.)
MLS and MCS are not enabled or enforced in the "targeted policy" which
is not intended for heavily targeted systems, but rather to target
scarce open-source SELinux policy development resources at the
hardest-hit and most vulnerable sub-systems.
There has not been much interest in developing open source MLS/MCS
policies for SELinux on end user systems. I'm glad to see someone is
tinkering with it.