Is it possible to configure SELinux to give read access for some file (SSL private certifcate) to some binary only (eg. Apache server) ?
It is possible to create a new file type and give explicit read permission to one domain only. There still will be shared permissions given to some other particular domains using attributes like file_type. As an example, see the output of
# sesearch -A -t slapd_cert_t -c file -p read
allow abrt_dump_oops_t non_security_file_type:file { append create getattr ioctl link lock map open read rename setattr unlink watch watch_reads write };
allow aide_t file_type:file { getattr ioctl lock map open read };
allow amanda_t file_type:file { getattr ioctl lock open read };
allow antivirus_domain non_security_file_type:file { getattr ioctl lock open read }; [ antivirus_can_scan_system ]:True
allow antivirus_domain slapd_cert_t:file { getattr ioctl lock open read };
...