Provided by: policycoreutils_2.3-1_amd64 bug

NAME

       setrans.conf - translation configuration file for MCS/MLS SELinux systems

DESCRIPTION

       The  /etc/selinux/{SELINUXTYPE}/setrans.conf  configuration  file  specifies  the way that
       SELinux MCS/MLS labels are translated into human readable form by  the  mcstransd  daemon.
       The  default  policies  support 16 sensitivity levels (s0 through s15) and 1024 categories
       (c0 through c1023). Multiple categories can be separated with commas (c0,c1,c3,c5)  and  a
       range of categories can be shortened using dot notation (c0.c3,c5).

   Keywords
       Base   once  a  base  is  declared, subsequent sensitivity label definitions will have all
              modifiers applied to them during translation.  Sensitivity  labels  defined  before
              the  base declaration are immediately cached and no modifiers will be applied these
              are used as direct translations.

       Default
              defines the category bit range that will be used for inverse bits.

       Domain creates a new domain with the supplied name.

       Include
              read and process the contents of the specified configuration file.

       Join   defines a character used to separate members of a modifier group when more than one
              is specified (ex. USA/AUS).

       ModifierGroup
              a  means  of  grouping  category bit definitions by how they modify the sensitivity
              label.

       Prefix word(s) that may proceed member(s) of a modifier group (ex. REL USA).

       Suffix word(s) that may follow member(s) of a modifier group (ex. USA EYES ONLY).

       Whitespace
              defines the set of acceptable white space characters that  may  be  used  in  label
              being translated.

   Sensitivity Level Definition Examples
       s0=SystemLow
              defines  a  translation  of s0 (the lowest sensitivity level) with no categories to
              SystemLow.

       s15:c0.c1023=SystemHigh
              defines a translation of s15:c0.c1023 to SystemHigh. c0.c1023 is shorthand for  all
              categories. A colon separates the sensitivity level and categories.

       s0-s15:c0.c1023=SystemLow-SystemHigh
              defines  a range translation of of s0-s15:c0.c1023 to SystemLow-SystemHigh. The two
              range components are separated by a dash.

       s0:c0=PatientRecord
              defines a translation of sensitivity s0 with category c0 to PatientRecord.

       s0:c1=Accounting
              defines a translation of sensitivity s0 with category c1 to Accounting.

       s2:c1,c2,c3=Confidential3Categories

       s2:c1.c3=Confidential3Categories
              both define a translation of sensitivity s2  with  categories  c1,  c2  and  c3  to
              Confidential3Categories.

       s5=TopSecret
              defines a translation of sensitivity s5 with no categories to TopSecret.

   Constraint Examples
       c0!c1  if  category  bits  0 and 1 are both set, the constraint will fail and the original
              context will be returned.

       c5.c9>c1
              if category bits 5 through 9 are set, bit 1 must also be set or the constraint will
              fail and the original context will be returned.

       s1!c5,c9
              if  category  bits  5 and 9 are set and the sensitivity level is s1, the constraint
              will fail and the original context will be returned.

AUTHOR

           Written by Joe Nall <joe@nall.com>.
           Updated by Ted X. Toth <txtoth@gmail.com>.

SEE ALSO

       selinux(8), mcs(8), mls(8), chcon(1)

FILES

       /etc/selinux/{SELINUXTYPE}/setrans.conf
       /usr/share/mcstrans/examples