Novell LINUX ENTERPRISE DESKTOP 11 - SECURITY GUIDE 17-03-2009 Manual page 227

...
/usr/*bash cx -> local_profile,
...
profile local_profile
{
...
}
}
NOTE: Difference Between Normal and Named Transitions
When used with globbing, normal transitions provide a "one to many" relation-
ship—/bin/** px will transition to /bin/ping, /bin/cat, etc, depending
on the program being run.
Named transitions provide a "many to one" relationship—all programs that
match the rule regardless of their name will transition to the specified profile.
Named profile transitions show up in the log as having the mode Nx. The name
of the profile to be changed to is listed in the name2 field.
21.8.8 Inheritance Fallback for Profile
Transitions
The px and cx transitions specify a hard dependency—if the specified profile does not
exist, the exec will fail. With the inheritance fallback, the execution will succeed but
inherit the current profile. To specify inheritance fallback, ix is combined with cx,
Cx, px and Px into the modes cix, Cix, pix and Pix. The fallback modes can be
used with named profile transitions, too.
21.8.9 Variable Settings in Execution Modes
When choosing one of the Px, Cx or Ux execution modes, take into account that the
following environment variables are removed from the environment before the child
process inherits it. As a consequence, applications or processes relying on any of these
variables do not work anymore if the profile applied to them carries Px, Cx or Ux flags:
Profile Components and Syntax 215