Now that we know more about types (both for processes as well as files and other resources), let's look into how these are used in the SELinux policy in more detail.
We have discussed the
sesearch application already and how it can be used to query the current SELinux policy. Let's look again at the process transitions:
$ sesearch -s initrc_t -t httpd_t -c process -p transition -A Found 1 semantic av rules: allow initrc_domain daemon : process transition ;
Even though we asked for the rules related to the
initrc_t source domain and the
httpd_t target, we get a rule back for the
initrc_domain source domain and the
daemon target. What
sesearch did here was show us how the requested ...