Domain transition
Now, let's find out how a process accesses other processes.
Assume that the vsftpd process is running; if it has not been started, we can start it using the following command:
systemctl start vsftpd
The vsftpd process is started by the systemd process; this is a replacement for the Sys V init process and runs within the init_t context:
ps -eZ | grep init
The systemd process running under the init_t domain is very short lived; it invokes /usr/sbin/vsftpd, which has a type context of ftpd_exec_t, and when this binary executable starts, it becomes the vsftpd service itself and runs in the ftpd_t domain.
So, here's the systemd process running under the init_t domain executing a binary file with the ftpd_exec_t type. The binary file then starts a service within the ftpd_t domain.
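The chain described above can be confirmed from the labels that ps -eZ and ls -Z print. The following script is an added example, not part of the original text; the sample output lines are constructed, and the helper names type_of and check_transition are hypothetical.

```shell
#!/bin/sh
# Constructed sample of `ps -eZ` output (not captured from a real host).
SAMPLE_PS='LABEL                                   PID TTY          TIME CMD
system_u:system_r:init_t:s0               1 ?        00:00:03 systemd
system_u:system_r:ftpd_t:s0-s0:c0.c1023 2143 ?        00:00:00 vsftpd'
# Constructed sample of `ls -Z /usr/sbin/vsftpd` output.
SAMPLE_LS='system_u:object_r:ftpd_exec_t:s0 /usr/sbin/vsftpd'

# type_of TEXT NAME: print the SELinux type (third field of user:role:type:level)
# from the line whose last column is NAME. The context is located by pattern,
# so both the short and the long `ls -Z` layouts are accepted.
type_of() {
    printf '%s\n' "$1" | awk -v name="$2" '
        $NF == name {
            for (i = 1; i <= NF; i++)
                if ($i ~ /^[a-z_]+:[a-z_]+:[a-z0-9_]+:/) {
                    split($i, ctx, ":"); print ctx[3]; exit
                }
        }'
}

# check_transition PS_OUTPUT LS_OUTPUT: succeed only if the labels show
# init_t (systemd) -> ftpd_exec_t (binary) -> ftpd_t (running service).
check_transition() {
    parent=$(type_of "$1" systemd)
    child=$(type_of "$1" vsftpd)
    entry=$(type_of "$2" /usr/sbin/vsftpd)
    [ "$parent" = init_t ] || { echo "systemd is in '$parent', expected init_t"; return 1; }
    [ "$entry" = ftpd_exec_t ] || { echo "binary is labelled '$entry', expected ftpd_exec_t"; return 1; }
    # A service left in another domain means the transition did not happen,
    # so the ftpd_t policy is not what confines it.
    [ "$child" = ftpd_t ] || { echo "vsftpd runs in '$child', expected ftpd_t"; return 1; }
    echo "ok: $parent -> $entry -> $child"
}

check_transition "$SAMPLE_PS" "$SAMPLE_LS"
# On a live host with vsftpd running:
#   check_transition "$(ps -eZ)" "$(ls -Z /usr/sbin/vsftpd)"
```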
Domain transition is governed by three strict rules:
The parent process in the source domain must have permission to execute the application that sits between the two domains
The file context for that application...