The first example (preventing httpd from accessing passwd) is not great because that problem does not require an LSM (except for the initial httpd process which is running as UID 0). You could fix that with a new group and adding all the (dis)allowed users to it; either with the main group or an ACL group.
@@jirehla-ab1671 I a not sure, but maybe you should look at fcontexts. semanage fcontext -a -t dirsrv_var_lib_t /srv/dirsrv/instance_name/db/ restorecon -Rv /srv/dirsrv/instance_name/db/
Brilliant and crisp explanation ,this one stands out from other Selinux tutorials. Thank you.
Exceptionally well done. Sets a high bar for other Linux videos
Perfect and clear
The first example (preventing httpd from accessing passwd) is not great because that problem does not require an LSM (except for the initial httpd process which is running as UID 0). You could fix that with a new group and adding all the (dis)allowed users to it; either with the main group or an ACL group.
Thanks for your comment! 👍
@@uadminif i run multiple database instances in same machine, Would that be considered multi tenant system? And how would selinux handle it?
@@jirehla-ab1671 I a not sure, but maybe you should look at fcontexts. semanage fcontext -a -t dirsrv_var_lib_t /srv/dirsrv/instance_name/db/
restorecon -Rv /srv/dirsrv/instance_name/db/