I have a client with a legacy application running on RH 3 (=the latest version supported by app). There is a process that has to run as root (and not in a chroot environment). I need to prevent this process from accessing some sensitive data files.
According to this post, it seems SELinux can do this: Restrict access to a specific directory on Linux
However, I do not know SELinux and I am trying to find out if my specific scenario is possible on such an old RH distro and with the process running as root. If it is, I'll need to read up on SELinux (unless there is an easier way to accomplish this).
Is this possible? If so, some details / pointers would be great.