Access decisions are one of the two basic kinds of decisions made by the SELinux security server. Transition decisions—which are sometimes called labeling decisions—are the second.
Since every object has a security context, each newly created object must be labeled with some security context. A transition decision determines which security context the new object receives. Transition decisions come up in two common contexts:
Process creation. The new process may run in the same domain as its parent or in another domain that the policy authorizes. If the process runs in a different domain, a domain transition is said to have occurred.
File creation. The new file (or file-like object, such as a directory) takes its type either from the directory containing it or from another type that the policy authorizes; the user component of its context comes from the creating process and its role is the generic object role, so it is the type that the decision chooses. If the new file's type differs from that of the directory that contains it, a file-type transition (or, more simply, a type transition) is said to have occurred.
In SELinux, the terms domain and type are synonymous. The term domain is more often used in reference to processes, while type is more often used in reference to passive objects such as files.
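To make the two decisions concrete, the following added example (not from the book, and not SELinux's own code) models in Python how the security server picks a domain when a process execs a program file and a type when a process creates a file, using type_transition rules for the choice and allow rules for the permission checks. The rule set is constructed for illustration: the type names mimic Reference Policy names (user_t, passwd_t, passwd_exec_t, tmp_t, user_tmp_t, passwd_tmp_t, bin_t) but the rules are not copied from any real policy, and the permission checks for file creation are simplified.

```python
"""Toy model of the two SELinux transition decisions (added example).

Type names follow Reference Policy conventions, but the rule set below is
constructed for illustration and the checks are simplified.
"""
from dataclasses import dataclass


class Denied(Exception):
    """Raised where the security server would refuse the operation."""


@dataclass(frozen=True)
class Policy:
    # allow rules: (source type, target type, object class) -> permissions
    allow: dict
    # type_transition rules: (source type, target type, object class) -> new type
    type_transition: dict

    def allowed(self, src, tgt, cls, perm):
        return perm in self.allow.get((src, tgt, cls), frozenset())


def exec_domain(policy, parent_domain, exec_type):
    """Domain the child runs in after exec'ing a file labeled exec_type.

    With no matching type_transition rule the child stays in the parent's
    domain, which needs file execute + execute_no_trans on exec_type.  With a
    rule, the policy must also allow the parent to transition to the new
    domain and mark exec_type as an entrypoint of that domain.
    """
    new_domain = policy.type_transition.get(
        (parent_domain, exec_type, "process"), parent_domain)
    if not policy.allowed(parent_domain, exec_type, "file", "execute"):
        raise Denied(f"{parent_domain} cannot execute {exec_type}")
    if new_domain == parent_domain:
        if not policy.allowed(parent_domain, exec_type, "file", "execute_no_trans"):
            raise Denied(f"{parent_domain} may not run {exec_type} without a transition")
        return parent_domain
    if not policy.allowed(parent_domain, new_domain, "process", "transition"):
        raise Denied(f"{parent_domain} may not transition to {new_domain}")
    if not policy.allowed(new_domain, exec_type, "file", "entrypoint"):
        raise Denied(f"{exec_type} is not an entrypoint for {new_domain}")
    return new_domain


def create_type(policy, creator_domain, dir_type, cls="file"):
    """Type given to a new object created in a directory labeled dir_type.

    Default is the directory's own type; a type_transition rule overrides it.
    Simplified checks: search/write/add_name on the directory and create on
    the resulting type (a real policy evaluates a few more permissions).
    """
    new_type = policy.type_transition.get((creator_domain, dir_type, cls), dir_type)
    for perm in ("search", "write", "add_name"):
        if not policy.allowed(creator_domain, dir_type, "dir", perm):
            raise Denied(f"{creator_domain} lacks {perm} on {dir_type}")
    if not policy.allowed(creator_domain, new_type, cls, "create"):
        raise Denied(f"{creator_domain} may not create {cls} of type {new_type}")
    return new_type


def strip_perm(policy, src, tgt, cls, perm):
    """Copy of policy with one permission removed, for what-if checks."""
    allow = dict(policy.allow)
    allow[(src, tgt, cls)] = policy.allow.get((src, tgt, cls), frozenset()) - {perm}
    return Policy(allow, policy.type_transition)


# Constructed rule set; the comment on each entry is its policy-language form.
POLICY = Policy(
    allow={
        # allow user_t bin_t:file { read getattr execute execute_no_trans };
        ("user_t", "bin_t", "file"): frozenset({"read", "getattr", "execute", "execute_no_trans"}),
        # allow user_t passwd_exec_t:file { read getattr execute };
        ("user_t", "passwd_exec_t", "file"): frozenset({"read", "getattr", "execute"}),
        # allow user_t passwd_t:process transition;
        ("user_t", "passwd_t", "process"): frozenset({"transition"}),
        # allow passwd_t passwd_exec_t:file entrypoint;
        ("passwd_t", "passwd_exec_t", "file"): frozenset({"entrypoint"}),
        # allow { user_t passwd_t } tmp_t:dir { search write add_name };
        ("user_t", "tmp_t", "dir"): frozenset({"search", "write", "add_name"}),
        ("passwd_t", "tmp_t", "dir"): frozenset({"search", "write", "add_name"}),
        # allow user_t user_tmp_t:file create;  allow passwd_t passwd_tmp_t:file create;
        ("user_t", "user_tmp_t", "file"): frozenset({"create"}),
        ("passwd_t", "passwd_tmp_t", "file"): frozenset({"create"}),
    },
    type_transition={
        # type_transition user_t passwd_exec_t:process passwd_t;
        ("user_t", "passwd_exec_t", "process"): "passwd_t",
        # type_transition user_t tmp_t:file user_tmp_t;
        ("user_t", "tmp_t", "file"): "user_tmp_t",
        # type_transition passwd_t tmp_t:file passwd_tmp_t;
        ("passwd_t", "tmp_t", "file"): "passwd_tmp_t",
    },
)

if __name__ == "__main__":
    print(exec_domain(POLICY, "user_t", "bin_t"))          # stays in user_t
    print(exec_domain(POLICY, "user_t", "passwd_exec_t"))  # domain transition to passwd_t
    print(create_type(POLICY, "user_t", "tmp_t"))          # type transition to user_tmp_t
    print(create_type(POLICY, "passwd_t", "tmp_t"))        # type transition to passwd_tmp_t
    try:
        weak = strip_perm(POLICY, "passwd_t", "passwd_exec_t", "file", "entrypoint")
        exec_domain(weak, "user_t", "passwd_exec_t")
    except Denied as e:
        print("denied:", e)
```

The what-if at the end is the case practitioners trip over most often: a type_transition rule alone does not make a domain transition happen. If any of the three allow rules (execute on the file, process transition, entrypoint) is missing, the exec is refused rather than quietly running in the parent's domain. Removing the type_transition rule instead leaves the process in user_t, where this constructed policy denies execute_no_trans, so the program cannot be run at all. On a real system the same decisions can be observed with ps -eZ for process domains and ls -Z for file types, and the rules behind them listed with sesearch -T (setools).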
Let’s first consider process creation. Given permission, a running process (the parent process) may create a new process (the child process) with the fork syscall, and the child may then invoke the exec syscall to run a specified program file. It is at exec, not at fork, that SELinux makes the domain transition decision. Generally, the child process runs in the same SELinux domain as the parent process and receives ...