policycoreutils

SELinux core policy utilities

Security-enhanced Linux is a patch of the Linux? kernel and a number of utilities with enhanced security functionality designed to add mandatory access controls to Linux. The Security-enhanced Linux kernel contains new architectural components originally developed to improve the security of the Flask operating system. These architectural components provide general support for the enforcement of many kinds of mandatory access control policies, including those based on the concepts of Type Enforcement?, Role-based Access Control, and Multi-level Security. This package contains the core policy utilities that are required for basic operation of an SELinux system. These utilities include load_policy to load policies, setfiles to label filesystems, newrole to switch roles, run_init to run /etc/init.d scripts in the proper context, and restorecond to restore contexts of files that often get the wrong context. It also includes the mcstransd to map a maching readable sensitivity label to a human readable form. The sensitivity label is comprised of a sensitivity level (always s0 for MCS and anything from s0 to s15 for MLS) and a set of categories. A ranged sensitivity label will have a low level and a high level where the high level will dominate the low level. Categories are numbered from c0 to c1023. Names such as s0 and c1023 and not easily readable by humans, so mcstransd translated them to human readable labels such as SystemLow and SystemHigh.