{"id":"rhel9-container-mcs-isolation","text":"RHEL 9 container isolation leverages the full MCS restrictive access control model: container-selinux assigns unique MCS categories per container, enforced only after DAC and Type Enforcement pass, requiring conjunction of all assigned categories for inter-container access.","truth_value":"IN","source":"","source_url":"","source_hash":"","justifications":[],"dependents":[],"metadata":{},"explanation":{"steps":[{"node":"rhel9-container-mcs-isolation","truth_value":"IN","reason":"premise"}]}}