I'm a newbie, and I have a question about whether or not a security context can be dynamically applied to a PID. Here's an example, I have a master process running under user "x". The process can fork to create some number of sub-processes. Each of these sub-process must also run as user "x" for some specific reasons. So, the UID cannot be changed. However, when the sub-process is created I know the PID, and I also know some "role" based information about why that sub process was created. Now I want to be able to dynamically apply a security context to that PID (i.e. allow/disallow internet access, restrict some directory access...) I know that you can use SELinux to set the security context, but I have 2 questions:

1. Can you set an SELinux context dynamically?
2. Can you set an SELinux context to a specific PID?

Are there commercial tools that provide such capabilities?