next up previous contents
Next: 6.2 Simplified domain transition:program Up: 6 Domain transition Previous: 6 Domain transition   Contents

6.1 Domain transition:domain_trans

  1. Syntax
    domain_trans parent domain filename-of-entrypoint;
  2. Meaning
    This defines how domain is assigned to process.
  3. Example
    {
       domain httpd_t;
       domain_trans initrc_t /sbin/httpd;
    ...
    
    Above means that when process(domain: initrc_t) executes /sbin/httpd, /sbin/httpd runs as httpd_t domain.
  4. Note
    Dynamic domain transition can be configured by omitting entry point. For example, {
    domain httpd_t;
    domain_trans initrc_t;

    means, dynamic domain transition from initrc_t to httpd_t is allowed.



Yuichi Nakamura 2006-11-13