49.5.3. Configuring Categories
SELinux maintains a mapping between internal sensitivity and category levels and their human-readable representations in the
setrans.conf file. The system administrator edits this file to manage and maintain the required categories.
Use the
chcat -L command to list the current categories:
~]# chcat -L
s0
s0-s0:c0.c1023 SystemLow-SystemHigh
s0:c0.c1023 SystemHigh
To modify the categories or to start creating your own, modify the
/etc/selinux/<selinuxtype>/setrans.conf file. For the example introduced above, add the Marketing, Finance, Payroll, and Personnel categories as follows (this example uses the targeted policy, and irrelevant sections of the file have been omitted):
~]# vi /etc/selinux/targeted/setrans.conf
s0:c0=Marketing
s0:c1=Finance
s0:c2=Payroll
s0:c3=Personnel
Use the
chcat -L command to check the newly-added categories:
~]# chcat -L
s0:c0 Marketing
s0:c1 Finance
s0:c2 Payroll
s0:c3 Personnel
s0
s0-s0:c0.c1023 SystemLow-SystemHigh
s0:c0.c1023 SystemHighNote
After you make any changes to the
setrans.conf file, you need to restart the MCS translation service before those changes take effect. Use the following command to restart the service:
~]# service mcstrans restart