Na verdade, o SELinux parece permitir tal configurações :
Desde o primeiro Howto :
This time, you will see all processes on the system regardless of the domain they are in. When in sysadm_t domain, you have access to other domains which the user_t domain does not.
Do segundo Howto :
The third line allows staff_t to run ps and see processes in the unprivileged user domains. staff_t is able to run ps and see everything in user_t and other user domains if any, whereas user_t can not.