Re: [PATCH] make LSM register functions GPLonly exports

[Crispin Cowan <crispin@wirex.com>]

[-- Attachment #1: Type: text/plain, Size: 2590 bytes --]

Greg KH wrote:

>On Thu, Oct 17, 2002 at 03:35:05PM +0100, Christoph Hellwig wrote:
>  
>
>>These exports have the power to change the implementations of all
>>syscalls and I've seen people exploiting this "feature".
>>
>>Make the exports GPLonly (which some LSM folks agreed to
>>when it was merged initially to avoid that).
>>    
>>
>I would really, really, really like to make this change.  Unfortunatly,
>one of the current copyright holders of this file does not agree with
>it.
>
>Crispin, for the benifit of the lkml readers, can you explain why WireX
>does not want this change?
>
Here's the monster flame-war we had the last time this issue was debated 
http://www.uwsg.iu.edu/hypermail/linux/kernel/0109.3/0102.html

My argument against the intent of this change is that no, I do not think 
we should restrict LSM modules to be GPL-only. LSM is an API for loading 
externally developed packages of software, similar to syscalls. There is 
benefit in permitting proprietary modules (you get additional modules 
that you would not get otherwise) just as there is benefit in permitting 
proprietary applications (you get Oracle, DB2, and WordPerfect).

My argument against the implementation technique of dropping in these 
export GPLonly symbols is that my read of the GPL itself means that they 
have no legal impact. The crux of the matter is whether a *court* finds 
that LSM is "linking" (in the GPL sense) or is an "interface":

    * If it is "linking": then all LSM modules end up GPL'd, regardless
      of what any of us want.
    * If it is "an interface": then the GPL specifically *prohibits* you
      from imposing additional restrictions, such as requiring someone
      else's module to be GPL'd, to wit:
          o Clause 4: "You may not copy, modify, sublicense, or
            distribute the Program except as expressly provided under
            this License."
          o Clause 6: "... You may not impose any further restrictions
            on the recipients' exercise of the rights granted herein."

Therefore, the EXPORT_SYMBOL_GPL is just a bunch of useless bloat, with 
no legal standing what so ever. If kernel module interfaces are held by 
a court to be linking, then export symbols are redundant. If kernel 
module interfaces are held by a court to be an interface, then the 
export symbols are just wrong.

Crispin

-- 
Crispin Cowan, Ph.D.
Chief Scientist, WireX                      http://wirex.com/~crispin/
Security Hardened Linux Distribution:       http://immunix.org
Available for purchase: http://wirex.com/Products/Immunix/purchase.html


[-- Attachment #2: Type: application/pgp-signature, Size: 252 bytes --]