Transition Decisions
Access decisions are one of the two basic kinds of decisions made by the SELinux security server. Transition decisions—which are sometimes called labeling decisions—are the second.
Since every object has a security context, newly created objects must be labeled with some security context. A transition decision decides what security context is chosen. Transition decisions come up in two common contexts:
- Process (subject) creation
The new process may run in the same domain as its parent or in another authorized domain. If the process runs in another domain, a domain transition is said to have occurred.
- File (object) creation
The new file (or file-like object, such as a directory) may be labeled with the security context of the directory containing it or with another authorized domain. If the file’s security context pertains to a domain other than that of the directory that contains it, a file-type transition—or, more simply, a type transition—is said to have occurred.
Tip
In SELinux, the terms domain and type are synonymous. The term domain is more often used in reference to processes, while type is more often used in reference to passive objects such as files.
Let’s first consider process creation. Given permission, a running process—called a parent process—may invoke the exec syscall, creating a new process—called a child process—by executing a specified program file. Generally, the child process runs in the same SELinux domain as the parent process and receives ...
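A policy module showing both kinds of transition described above, as an added example that is not from the book. The types myapp_t, myapp_exec_t and myapp_log_t are hypothetical, user_t and var_log_t are assumed to exist in the base policy, and only the rules directly involved in the two transitions are shown (a real domain needs many more allow rules before the program can do useful work).

```selinux
module myapp_transitions 1.0;

require {
    type user_t;        # assumed: the parent process's domain
    type var_log_t;     # assumed: type of the directory the program writes into
    class file { read execute entrypoint create write append };
    class process transition;
    class dir { search write add_name };
}

# Hypothetical types introduced by this module
type myapp_t;       # domain the child process will run in
type myapp_exec_t;  # type of the program file
type myapp_log_t;   # type for files the program creates

# Domain transition: when a user_t process exec()s a file labeled
# myapp_exec_t, the child runs in myapp_t instead of inheriting user_t.
type_transition user_t myapp_exec_t : process myapp_t;

# The three permissions the security server checks for that transition
allow user_t myapp_exec_t : file { read execute };   # parent may execute the file
allow user_t myapp_t : process transition;          # parent may enter the new domain
allow myapp_t myapp_exec_t : file entrypoint;       # the file is a valid entry point

# File type transition: a file that myapp_t creates inside a var_log_t
# directory is labeled myapp_log_t instead of inheriting var_log_t.
type_transition myapp_t var_log_t : file myapp_log_t;

allow myapp_t var_log_t : dir { search write add_name };   # add an entry to the directory
allow myapp_t myapp_log_t : file { create write append };  # create and write the new file
```

Compile with checkmodule -M -m, package with semodule_package and load with semodule -i; without the two type_transition rules the child would stay in user_t and the new file would inherit var_log_t, which is the default behaviour the text describes.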