Brilliant and crisp explanation, this one stands out from other SELinux tutorials. Thank you.
Exceptionally well done. Sets a high bar for other Linux videos
Very well clear explanation
Thanks, man! Crystal clear explanation!
Perfect and clear
The first example (preventing httpd from accessing passwd) is not great because that problem does not require an LSM (except for the initial httpd process which is running as UID 0). You could fix that with a new group and adding all the (dis)allowed users to it; either with the main group or an ACL group.
Thanks for your comment! 👍
@uadmin If I run multiple database instances on the same machine, would that be considered a multi-tenant system? And how would SELinux handle it?
@jirehla-ab1671 I am not sure, but maybe you should look at fcontexts.
semanage fcontext -a -t dirsrv_var_lib_t "/srv/dirsrv/instance_name/db(/.*)?"
restorecon -Rv /srv/dirsrv/instance_name/db/