6.7. Changing file sensitivity in MLS


In the MLS SELinux policy, users can only modify files at their own sensitivity level. This is intended to prevent any highly sensitive information to be exposed to users at lower clearance levels, and also prevent low-clearance users creating high-sensitivity documents. Administrators, however, can manually increase a file’s classification, for example for the file to be processed at the higher level.

Prerequisites

  • SELinux policy is set to mls.
  • SELinux mode is set to enforcing.
  • You have security administration rights, which means that you are assigned to either:

    • The secadm_r role.
    • If the sysadm_secadm module is enabled, to the sysadm_r role. The sysadm_secadm module is enabled by default.
  • The policycoreutils-python-utils package is installed.
  • A user assigned to any clearance level. For additional information, see Establishing user clearance levels in MLS .

    In this example, User1 has clearance level s1.

  • A file with a classification level assigned and to which you have access.

    In this example, /path/to/file has classification level s1.

Procedure

  1. Check the file’s classification level:

    # ls -lZ /path/to/file
    -rw-r-----. 1 User1 User1 user_u:object_r:user_home_t:s1 0 12. Feb 10:43 /path/to/file
  2. Change the file’s default classification level:

    # semanage fcontext -a -r s2 /path/to/file
  3. Force the relabeling of the file’s SELinux context:

    # restorecon -F -v /path/to/file
    Relabeled /path/to/file from user_u:object_r:user_home_t:s1 to user_u:object_r:user_home_t:s2

Verification

  1. Check the file’s classification level:

    # ls -lZ /path/to/file
    -rw-r-----. 1 User1 User1 user_u:object_r:user_home_t:s2 0 12. Feb 10:53 /path/to/file
  2. Optional: Verify that the lower-clearance user cannot read the file:

    $ cat /path/to/file
    cat: file: Permission denied
Red Hat logoGithubredditYoutubeTwitter

자세한 정보

평가판, 구매 및 판매

커뮤니티

Red Hat 문서 정보

Red Hat을 사용하는 고객은 신뢰할 수 있는 콘텐츠가 포함된 제품과 서비스를 통해 혁신하고 목표를 달성할 수 있습니다. 최신 업데이트를 확인하세요.

보다 포괄적 수용을 위한 오픈 소스 용어 교체

Red Hat은 코드, 문서, 웹 속성에서 문제가 있는 언어를 교체하기 위해 최선을 다하고 있습니다. 자세한 내용은 다음을 참조하세요.Red Hat 블로그.

Red Hat 소개

Red Hat은 기업이 핵심 데이터 센터에서 네트워크 에지에 이르기까지 플랫폼과 환경 전반에서 더 쉽게 작업할 수 있도록 강화된 솔루션을 제공합니다.

Theme

© 2026 Red Hat
맨 위로 이동