Provided by: mcstrans_3.8.1-1_amd64 bug

NAME
       setrans.conf - translation configuration file for MCS/MLS SELinux systems


DESCRIPTION
       The  /etc/selinux/{SELINUXTYPE}/setrans.conf  configuration  file  specifies the way that SELinux MCS/MLS
       labels are translated into human readable form by the mcstransd daemon.  The default policies support  16
       sensitivity  levels  (s0  through s15) and 1024 categories (c0 through c1023). Multiple categories can be
       separated with commas (c0,c1,c3,c5) and a range  of  categories  can  be  shortened  using  dot  notation
       (c0.c3,c5).

   Keywords
       Base   once  a base is declared, subsequent sensitivity label definitions will have all modifiers applied
              to  them  during  translation.   Sensitivity  labels  defined  before  the  base  declaration  are
              immediately cached and no modifiers will be applied these are used as direct translations.

       Default
              defines the category bit range that will be used for inverse bits.

       Domain creates a new domain with the supplied name.

       Include
              read and process the contents of the specified configuration file.

       Join   defines  a  character used to separate members of a modifier group when more than one is specified
              (ex. USA/AUS).

       ModifierGroup
              a means of grouping category bit definitions by how they modify the sensitivity label.

       Prefix word(s) that may proceed member(s) of a modifier group (ex. REL USA).

       Suffix word(s) that may follow member(s) of a modifier group (ex. USA EYES ONLY).

       Whitespace
              defines the set of acceptable white space characters that may be used in label being translated.

   Sensitivity Level Definition Examples
       s0=SystemLow
              defines a translation of s0 (the lowest sensitivity level) with no categories to SystemLow.

       s15:c0.c1023=SystemHigh
              defines a translation of s15:c0.c1023 to SystemHigh. c0.c1023 is shorthand for all  categories.  A
              colon separates the sensitivity level and categories.

       s0-s15:c0.c1023=SystemLow-SystemHigh
              defines  a  range translation of s0-s15:c0.c1023 to SystemLow-SystemHigh. The two range components
              are separated by a dash.

       s0:c0=PatientRecord
              defines a translation of sensitivity s0 with category c0 to PatientRecord.

       s0:c1=Accounting
              defines a translation of sensitivity s0 with category c1 to Accounting.

       s2:c1,c2,c3=Confidential3Categories

       s2:c1.c3=Confidential3Categories
              both  define  a  translation  of   sensitivity   s2   with   categories   c1,   c2   and   c3   to
              Confidential3Categories.

       s5=TopSecret
              defines a translation of sensitivity s5 with no categories to TopSecret.

   Constraint Examples
       c0!c1  if  category  bits 0 and 1 are both set, the constraint will fail and the original context will be
              returned.

       c5.c9>c1
              if category bits 5 through 9 are set, bit 1 must also be set or the constraint will fail  and  the
              original context will be returned.

       s1!c5,c9
              if category bits 5 and 9 are set and the sensitivity level is s1, the constraint will fail and the
              original context will be returned.


AUTHOR
           Written by Joe Nall <joe@nall.com>.
           Updated by Ted X. Toth <txtoth@gmail.com>.


SEE ALSO
       selinux(8), mcs(8), mls(8), chcon(1)


FILES
       /etc/selinux/{SELINUXTYPE}/setrans.conf
       /usr/share/mcstrans/examples

txtoth@gmail.com                                  13 July 2010                                   setrans.conf(5)