after pondering this further (post-post, natch)...i had a thought (yes--it hurt). you could probably use SELinux to achieve this. the
minimal benefits that others have pointed out, and the overly complex
nature of SELinux probably yields a pretty low benefit/cost ratio,
though.
<smart a$$ comment>Want some ice?</smart a$$ comment>
Eh, the benefit / cost ratio might be low, but we are hackers and we do what we do for the challenge / fun / bragging rights of it.
Grant. . . .