Up until now, we've only handled the configuration part on file contexts: if we would ask SELinux utilities to relabel files, then the changes we made would come into effect. However, unless you run with the
restorecond daemon checking out all possible file modifications (which would really be a resource hog) or run
restorecon manually against all files regularly, the newly defined contexts will not be applied to the files.
What we need to do is modify the local SELinux policy so that, upon creation of these files, the Linux kernel automatically assigns the right label to those files. This is handled through file transitions, which is a specific case of a type transition.
In a type transition, we ...