Re: [PATCH] make LSM register functions GPLonly exports

[Crispin Cowan <crispin@wirex.com>]

[-- Attachment #1: Type: text/plain, Size: 2194 bytes --]

Linus Torvalds wrote:

>Note that if this fight ends up being a major issue, I'm just going to 
>remove LSM and let the security vendors do their own thing.
>
If it comes to that, go ahead and apply the patch. I would far rather 
have an LSM that requires GPL'd modules than no LSM at all.

> So far
>
> - I have not seen a lot of actual usage of the hooks
>
There are half a dozen modules here http://lsm.immunix.org/lsm_modules.html

I suspect there is a lot more use of LSM pending, and it will appear 
when the LSM interface stops changing, and when Linux 2.6 (or 3.0, 
whatever) appears. See for example the cover story in the September 2002 
Linux Journal: an LSM module being built by Ericsson Research for telco 
purposes.

>I will re-iterate my stance on the GPL and kernel modules:
>
>  There is NOTHING in the kernel license that allows modules to be 
>  non-GPL'd. 
>
>  The _only_ thing that allows for non-GPL modules is copyright law, and 
>  in particular the "derived work" issue. A vendor who distributes non-GPL 
>  modules is _not_ protected by the module interface per se, and should 
>  feel very confident that they can show in a court of law that the code 
>  is not derived.
>
Thanks for the clarification, but that still leaves questions. In 
particular, it is unclear whether a work is "derived" if it includes 
kernel header files, which is more or less required if you hope to make 
a module fit the interface.

Note that if we decide that #include of a kernel header file means that 
a work is derived, then we cause another problem: most Linux 
applications come under the GPL.  glibc #includes some kernel header 
files, and most Linux applications #include glibc headers, so most 
applications are #including kernel header files. If #include is the 
basis for declaring a module to be a derived work of the kernel, then 
there is some bad news coming for people who like to use Oracle and DB2 
on Linux ...

Thanks,
    Crispin

-- 
Crispin Cowan, Ph.D.
Chief Scientist, WireX                      http://wirex.com/~crispin/
Security Hardened Linux Distribution:       http://immunix.org
Available for purchase: http://wirex.com/Products/Immunix/purchase.html


[-- Attachment #2: Type: application/pgp-signature, Size: 252 bytes --]