SELinux maintains a mapping between internal sensitivity and category levels and their human-readable representations in the setrans.conf file. The system administrator edits this file to manage and maintain the required categories.

Use the chcat -L command to list the current categories:

[root@dhcp-133 tmp]# chcat -L
s0:c0                          CompanyConfidential
s0:c3                          TopSecret
s0
s0-s0:c0.c255             SystemLow-SystemHigh
s0:c0.c255                  SystemHigh

To modify the categories or to start creating your own, modify the /etc/selinux/<selinuxtype>/setrans.conf file. For the example introduced above, add the Marketing, Finance, Payroll, and Personnel categories as follows (this example uses the targeted policy, and irrelevant sections of the file have been omitted):

[root@dhcp-133 tmp]# vi /etc/selinux/targeted/setrans.conf
s0:c0=Marketing
s0:c1=Finance
s0:c2=Payroll
s0:c3=Personnel

Use the chcat -L command to check the newly-added categories:

[root@dhcp-133 tmp]# chcat -L
s0:c0                          Marketing
s0:c1                          Finance
s0:c2                          Payroll
s0:c3                          Personnel
s0
s0-s0:c0.c255            SystemLow-SystemHigh
s0:c0.c255                 SystemHigh

[root@dhcp-133 ~]# service mcstrans restart