Limiting the scope of transitions
For security reasons, Linux systems can reduce the ability of processes to gain elevated privileges in certain situations, or impose additional constraints that make vulnerabilities harder to exploit. The SELinux developers honor these situations as well.
Sanitizing environments on transition
When a higher-privileged command is executed (be it a setuid application or one where capabilities are added to the session), the GNU C Library (glibc) will sanitize the environment. This means that a set of sensitive environment variables is discarded to make sure that attackers or malicious persons or applications cannot influence the session.
This secure execution is controlled through an Executable and Linkable Format (ELF) auxiliary vector entry called AT_SECURE. When set, environment variables such as LD_PRELOAD, LD_AUDIT, LD_DEBUG, TMPDIR, and NLSPATH are removed from the session.
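To make the mechanism concrete, the following is an added C example (not code from the book) that queries AT_SECURE for the running process through glibc's getauxval() and applies the variable list named above to a constructed environment the way the loader does. It assumes Linux with glibc; the variable list is only the subset the text names, not glibc's full list.

```c
/* Added example: query AT_SECURE and mimic the loader's environment
 * sanitization. Assumes Linux with glibc (getauxval, <sys/auxv.h>). */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/auxv.h>

/* Variables the text lists as dropped in secure-execution mode
 * (a subset of glibc's real list). */
static const char *const unsafe_vars[] = {
    "LD_PRELOAD", "LD_AUDIT", "LD_DEBUG", "TMPDIR", "NLSPATH", NULL
};

/* 1 if this process runs in secure-execution mode (setuid/setgid binary
 * or raised file capabilities), 0 otherwise. */
int in_secure_mode(void) {
    return getauxval(AT_SECURE) ? 1 : 0;
}

/* Does a "NAME=value" entry name one of the unsafe variables? */
int is_unsafe_var(const char *entry) {
    const char *eq = strchr(entry, '=');
    size_t len = eq ? (size_t)(eq - entry) : strlen(entry);
    for (int i = 0; unsafe_vars[i]; i++)
        if (strlen(unsafe_vars[i]) == len && !strncmp(entry, unsafe_vars[i], len))
            return 1;
    return 0;
}

/* Copy the surviving entries of envp into out (NULL-terminated) and return
 * how many were dropped. out needs room for every envp pointer plus NULL. */
int sanitize_env(char *const envp[], const char *out[]) {
    int kept = 0, dropped = 0;
    for (int i = 0; envp[i]; i++) {
        if (is_unsafe_var(envp[i])) dropped++;
        else out[kept++] = envp[i];
    }
    out[kept] = NULL;
    return dropped;
}

int main(void) {
    /* Constructed sample environment containing two sensitive entries. */
    char *const sample[] = { "PATH=/usr/bin", "LD_PRELOAD=/tmp/injected.so",
                             "HOME=/root", "TMPDIR=/tmp/scratch", NULL };
    const char *clean[8];
    int dropped = sanitize_env(sample, clean);
    printf("AT_SECURE=%d, dropped %d variable(s)\n", in_secure_mode(), dropped);
    for (int i = 0; clean[i]; i++) printf("  kept: %s\n", clean[i]);
    return 0;
}
```

Run it once as a plain binary and once after a setuid copy to see AT_SECURE flip from 0 to 1; the filtering shown here is what the loader applies in the latter case.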
SELinux will force this sanitization on domain transitions as well, ensuring...