setrans.conf - translation configuration file for MCS/MLS SELinux
systems
The /etc/selinux/{SELINUXTYPE}/setrans.conf configuration
file specifies the way that SELinux MCS/MLS labels are translated into human
readable form by the mcstransd daemon. The default policies support 16
sensitivity levels (s0 through s15) and 1024 categories (c0 through c1023).
Multiple categories can be separated with commas (c0,c1,c3,c5) and a range
of categories can be shortened using dot notation (c0.c3,c5).
- Base
- once a base is declared, subsequent sensitivity label definitions will
have all modifiers applied to them during translation. Sensitivity labels
defined before the base declaration are immediately cached and no
modifiers will be applied these are used as direct translations.
- Default
- defines the category bit range that will be used for inverse bits.
- Domain
- creates a new domain with the supplied name.
- Include
- read and process the contents of the specified configuration file.
- Join
- defines a character used to separate members of a modifier group when more
than one is specified (ex. USA/AUS).
- ModifierGroup
- a means of grouping category bit definitions by how they modify the
sensitivity label.
- Prefix
- word(s) that may proceed member(s) of a modifier group (ex. REL USA).
- Suffix
- word(s) that may follow member(s) of a modifier group (ex. USA EYES ONLY).
- Whitespace
- defines the set of acceptable white space characters that may be used in
label being translated.
- c0!c1
- if category bits 0 and 1 are both set, the constraint will fail and the
original context will be returned.
- c5.c9>c1
- if category bits 5 through 9 are set, bit 1 must also be set or the
constraint will fail and the original context will be returned.
- s1!c5,c9
- if category bits 5 and 9 are set and the sensitivity level is s1, the
constraint will fail and the original context will be returned.
Written by Joe Nall <joe@nall.com>.
Updated by Ted X. Toth <txtoth@gmail.com>.
/etc/selinux/{SELINUXTYPE}/setrans.conf
/usr/share/mcstrans/examples