Is it possible to only enable ACL protection inside a chrooted processes environment?
Off the top of my head it seems you could just define a "wide open" ACL from root, and then define the restricted ACL's starting at the chroot directory and then more ACL's on the binaries inside the chrooted environment.
Are there any glaringly obvious flaws to doing it that way?
Thanks.