## Multicategory security policy ## ## Contains attributes used in MCS policy. ## ######################################## ## ## This domain is allowed to read files and directories ## regardless of their MCS category set. ## ## ## ## Domain target for user exemption. ## ## ## # interface(`mcs_file_read_all',` gen_require(` attribute mcsreadall; ') typeattribute $1 mcsreadall; ') ######################################## ## ## This domain is allowed to write files and directories ## regardless of their MCS category set. ## ## ## ## Domain target for user exemption. ## ## ## # interface(`mcs_file_write_all',` gen_require(` attribute mcswriteall; ') typeattribute $1 mcswriteall; ') ######################################## ## ## This domain is allowed to sigkill and sigstop ## all domains regardless of their MCS category set. ## ## ## ## Domain target for user exemption. ## ## ## # interface(`mcs_killall',` gen_require(` attribute mcskillall; ') typeattribute $1 mcskillall; ') ######################################## ## ## This domain is allowed to ptrace ## all domains regardless of their MCS ## category set. ## ## ## ## Domain target for user exemption. ## ## # interface(`mcs_ptrace_all',` gen_require(` attribute mcsptraceall; ') typeattribute $1 mcsptraceall; ') ######################################## ## ## Make specified domain MCS trusted ## for setting any category set for ## the processes it executes. ## ## ## ## Domain target for user exemption. ## ## # interface(`mcs_process_set_categories',` gen_require(` attribute mcssetcats; ') typeattribute $1 mcssetcats; ') ######################################## ## ## Make specified process type MCS untrusted. ## ## ##

## Make specified process type MCS untrusted. This ## prevents this process from sending signals to other processes ## with different mcs labels ## object. ##

##
## ## ## The type of the process. ## ## # interface(`mcs_untrusted_proc',` gen_require(` attribute mcsuntrustedproc; ') typeattribute $1 mcsuntrustedproc; ')