On Fri, 2010-01-08 at 11:35 -0800, Usman S. Ansari wrote:
I have written a driver for Linux kernel, in this driver I am using
sk_security field for driver's internal data structure. This means that if SELinux is
enabled, it will have conflict with my driver. For this reason, I run my driver with
SELinux disabled.
I want to know if it is possible to, only enable security on files and not on network
objects ?
>From what I have read about SELinux, it looks like this it possible, I just need
conformation. And if this is possible, will SELinux need to use sk_security filed or not.
If this is wrong list, please let me know appropriate place.
Thanks.
No, not possible (and not a legitimate use of that field by your driver
regardless). From 2006:
commit c2b507fda390b8ae90deba9b8cdc3fe727482193
Author: Stephen Smalley <sds(a)tycho.nsa.gov>
Date: Sat Feb 4 23:27:50 2006 -0800
[PATCH] selinux: require SECURITY_NETWORK
Make SELinux depend on SECURITY_NETWORK (which depends on SECURITY), as it
requires the socket hooks for proper operation even in the local case.
--
Stephen Smalley
National Security Agency