deny send file to all but specific ip or email


Post by walid » Wed Aug 01, 2007 4:10 am

Can I make a restriction on some files so that they can be read and written, but can't be printed by some users, can't be copied to any other machine on the network except the specified, and can't be emailed except to specified addresses?
walid
 
Posts: 1
Joined: Wed Aug 01, 2007 3:57 am

Post by spender » Wed Aug 01, 2007 8:03 pm

This sort of thing is impossible for any system, no matter how complex (including SELinux). Once a file is read into memory, there's no real control you can have over what gets done with it. Watching network traffic for the file isn't good enough because you can have covert channels/encryption, etc.
Protection within an application itself can be defeated if an attacker gains control of the process.

-Brad
spender
 
Posts: 2185
Joined: Wed Feb 20, 2002 8:00 pm

Post by msi » Tue Aug 14, 2007 6:26 am

You can use an IP/TCP filter to only let SMTP traffic out, and only SMTP traffic with your allowed destinations.
But these restrictions apply to your whole host and not only to specific files.
msi
 
Posts: 29
Joined: Fri Sep 13, 2002 2:37 pm
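
The host-wide egress filter described in the post above, as an added example that is not part of any post in this thread: a shell function that prints an iptables-restore ruleset dropping all outbound traffic except SMTP to listed relays. The function names, the relay addresses (RFC 5737 documentation range) and the log prefix are assumptions.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset that lets this host send
# only SMTP, and only to the relay addresses passed as arguments.

# is_ipv4 ADDR: succeed only for a dotted quad with every octet in 0..255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.|'') return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input holds only digits and dots here
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# smtp_egress_rules RELAY...: print the ruleset. Fails closed: prints nothing
# and returns 1 if no relay is given or any argument is not an IPv4 address
# (hostnames are refused because DNS is blocked by the ruleset itself).
smtp_egress_rules() {
    [ "$#" -gt 0 ] || return 1
    for relay in "$@"; do
        is_ipv4 "$relay" || { echo "bad relay: $relay" >&2; return 1; }
    done
    echo '*filter'
    echo ':OUTPUT DROP [0:0]'                      # default: nothing leaves
    echo '-A OUTPUT -o lo -j ACCEPT'               # local IPC stays usable
    echo '-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    for relay in "$@"; do
        echo "-A OUTPUT -p tcp -d $relay --dport 25 -m conntrack --ctstate NEW -j ACCEPT"
    done
    echo '-A OUTPUT -j LOG --log-prefix "egress-denied: "'   # audit the rest
    echo 'COMMIT'
}

# Print the ruleset for two constructed relay addresses. Review the output
# before loading it: iptables-restore without --noflush replaces the rules
# currently in the filter table.
smtp_egress_rules 192.0.2.10 192.0.2.25
```

The filter constrains where the host can open connections; it does not distinguish one file from another, and an allowed relay will still carry whatever is handed to it.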

Post by specs » Fri Aug 17, 2007 2:08 am

You want some kind of DRM to protect your content.

You'll have to encrypt your content and use some central control system to grant access, deny access or revoke access. Most options mostly "outsource" the control over the content. Please check if you don't simply throw away security.

DRM is, however, incompatible with open source. Once unencrypted it can be copied and used anywhere. Open source programs can be altered to create a copy to disk (or any other place).

You might want to search for TCPA, trusted computing and similar sources to view better explanations of the risks involved. You'll run into the same problems.
http://www.againsttcpa.com/
specs
 
Posts: 190
Joined: Sun Mar 26, 2006 7:00 am

