7.1 The SELinux Type-Enforcement Model

7.1 The SELinux Type-Enforcement Model

As explained in Chapter 2, the SELinux type-enforcement model associates each process with a domain and each nonprocess object with a type. ^[1] Permissions define the operations that can be performed upon objects. Thus, you can think of a domain as a set of related processes that share the same permissions. For instance, the Apache web server process runs within the httpd_t domain and therefore possesses the permissions associated with that domain. The SELinux policy grants permissions to domains and specifies rules for transitioning between domains.

^[1] Recall that, in the context of SELinux, the words domain and type are synonymous; however, it's customary to use domain in reference to processes and type in reference to nonprocess objects.

Permissions are encoded as access vectors, which specify the operations that a domain is authorized to perform on objects of a given type, such as files. Thus, you can think of an object's type as implicitly referring to the set of rules ”that is, the access vector ”that specify the permissible operations on the object. For instance, access vector rules enable processes within the httpd_t domain to write to the web server log files.

Under Linux, processes fork new processes when they execute programs. The new process is called a child process and the process that forked the child process is called a parent process . The child process may run within the same domain as the parent. Alternatively, the SELinux policy may specify a new domain to enter when the process is forked. Programs that can enter new domains upon execution are called domain entry points . For instance, the init run-control processes are associated with the initrc_t domain. However, when the init process starts the web server process, the web server process does not run in this domain. Instead, the web server process automatically transitions to the httpd_t domain, as specified by the SELinux policy.