To honour the Least Privilege principle for the network connections a process establishes, each executable file in the system may be assigned a list of rules describing its allowed outgoing connections (Subsection 4.4.5). When the executable is executed, these rules are transformed into a Process IPL List (Subsection 4.4.6). Because the list is rebuilt from the executable's own rules at every execution, Process IPL Lists need no inheritance across execution chains (Subsection 4.4.7).
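The following model, added here as an illustration and not taken from LinSec, shows the three steps of the paragraph above: a per-executable rule table, its transformation into a per-process list at exec time, and the connect-time decision made against that list. The rule syntax, the executable paths, the rule table contents and the default-deny treatment of an executable that has no rules are all assumptions of this example; the point it demonstrates is that a process spawned along an execution chain gets the list of its own executable, never its parent's.

```python
"""Toy model of per-executable outgoing-connection rules that become a
per-process list at exec time, with no inheritance across exec.
Hypothetical illustration, not LinSec code."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    """One allowed outgoing connection: protocol, destination network, port range."""
    proto: str
    dst_net: ipaddress.IPv4Network
    port_lo: int
    port_hi: int

    def matches(self, proto: str, dst_ip: str, dst_port: int) -> bool:
        return (self.proto == proto
                and ipaddress.ip_address(dst_ip) in self.dst_net
                and self.port_lo <= dst_port <= self.port_hi)


def parse_rule(text: str) -> Rule:
    """Parse 'proto net/prefix:port' or 'proto net/prefix:lo-hi' (assumed syntax)."""
    proto, rest = text.split()
    net, ports = rest.rsplit(":", 1)
    lo, _, hi = ports.partition("-")
    lo_i = int(lo)
    hi_i = int(hi) if hi else lo_i
    if proto not in ("tcp", "udp") or not 0 <= lo_i <= hi_i <= 65535:
        raise ValueError(f"bad rule: {text!r}")
    return Rule(proto, ipaddress.ip_network(net, strict=False), lo_i, hi_i)


# Constructed per-executable rule table (hypothetical paths and rules).
# An executable absent from the table gets no rules: all outgoing connections denied.
EXEC_RULES = {
    "/usr/bin/curl":  ["tcp 0.0.0.0/0:443"],
    "/usr/sbin/sshd": ["tcp 10.0.0.0/8:1024-65535", "udp 10.0.0.53/32:53"],
    "/bin/sh":        [],
}


@dataclass
class Process:
    pid: int
    exe: str
    ipl: tuple  # Process IPL List, fixed at exec time


def do_exec(pid: int, exe: str) -> Process:
    """Model exec(): the Process IPL List is derived from the executable's rules only."""
    rules = tuple(parse_rule(r) for r in EXEC_RULES.get(exe, []))
    return Process(pid, exe, rules)


def fork_exec(parent: Process, exe: str, child_pid: int) -> Process:
    """Model fork()+exec(): the parent's list is not consulted; exec rebuilds it."""
    del parent  # deliberately unused: no inheritance across the execution chain
    return do_exec(child_pid, exe)


def connect_allowed(proc: Process, proto: str, dst_ip: str, dst_port: int) -> bool:
    """Decision at connect()/sendto() time: allow only if some rule in the list matches."""
    return any(r.matches(proto, dst_ip, dst_port) for r in proc.ipl)


def demo() -> dict:
    """Walk one execution chain and record each connection decision."""
    curl = do_exec(100, "/usr/bin/curl")
    sh = fork_exec(curl, "/bin/sh", 101)             # shell spawned by curl
    sshd = do_exec(200, "/usr/sbin/sshd")
    helper = fork_exec(sshd, "/usr/bin/curl", 201)   # curl spawned by sshd
    return {
        "curl_https": connect_allowed(curl, "tcp", "93.184.216.34", 443),
        "curl_http": connect_allowed(curl, "tcp", "93.184.216.34", 80),
        "sh_from_curl_https": connect_allowed(sh, "tcp", "93.184.216.34", 443),
        "sshd_dns": connect_allowed(sshd, "udp", "10.0.0.53", 53),
        "curl_from_sshd_internal": connect_allowed(helper, "tcp", "10.1.2.3", 2222),
        "curl_from_sshd_https": connect_allowed(helper, "tcp", "10.1.2.3", 443),
    }


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name}: {'allow' if allowed else 'deny'}")
```

The two fork_exec cases carry the argument: a shell started by curl cannot reuse curl's HTTPS permission, and a curl started by sshd cannot reach the internal port range sshd itself is allowed to use, because each process's list comes only from its own executable's rules.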
The current LinSec IPL design covers only the TCP/IP family of protocols. It should, however, be possible to apply the same principles to the other transport-level protocols (footnote 4.9) supported by Linux.