FreeBSD 6.2 MAC user security

Hi all, I am looking for someone with knowledge of FreeBSD MAC security. I need this person to design and create an howto to implement the following user security: - users may not read any file outside of their home directory appart from the required system files, binaries, crontab and man pages - users may not open any network socket/port (not able to run a network deamon) but should be able to fetch data from the outside - there should be a configuration that blocks users from accessing certain ports - the www user should have access to every user directories - users have to be able to read and erase their own apache log files Those configurations should be ajustable on a per-user basis. I do not wish to use any chroot method, all the security should be done via the MAC modules. If this project is succesfull, I will have other projects concerning FreeBSD administration/security, I am looking for a partner on this and this project is a way to get to know each other. Please let me know if you have any question or need any more details on this project. Many thanks for your interest. Best Regards, -- Alexis Susset [login to view URL] Director