Greg KH wrote:

>>>>Perhaps we should LGPL the security.h. Does that create problems?
>>>>
>>>I would object to this. That would be granting the explicit right for
>>>it to be used in closed source binaries. I do not want to grant that
>>>explicit right.
>>>
>>That is exactly what I always intended LSM to do.
>>
>In reading over the original messages announcing this project I do not
>see that stated anywhere. Am I missing something?
>

LSM was proposed as an enhancement to the existing LKM (Loadable Kernel Module) interface. As such, I thought it was implicit, if not obvious, that LSM would not change the current licensing practices for LKMs. Current practice discourages closed source modules, but permits them if they do not require modification to the kernel to run, as helpfully pointed out by Richard Offer in his citation to "Linux Device Drivers, 2nd ed, O'Reilly, p12".

>If this is one of the goals of the project it should be mentioned right
>up front so that people will realize this.
>

Ok. I propose the following text:

    LSM, being an enhancement to the Linux Loadable Kernel Module
    interface, uses the same licensing requirements as LKMs. As of this
    writing <date> that practice is that closed source modules are
    discouraged. Closed source modules are permitted only if they do not
    require any changes at all to the Linux kernel. Requiring changes to
    the Linux kernel makes a module a derived work of the kernel, and
    thus subject to the Linux kernel's GPL.

Now, WHY should it be this way? Because security modules are often large & expensive to maintain. When Linus rejected outright inclusion of SELinux into Linux, he cut off security from the large powerhouse that is Linux maintenance: security module maintainers are on their own. Some security modules (SELinux, LIDS) will likely follow the GPL path of hoping to gather helpers. Other security vendors (SGI, HP, WireX) might seek to create commercial (proprietary) modules that they sell for money, and use the money to maintain the modules.

NOTE: Contrary to this post http://marc.theaimsgroup.com/?l=linux-kernel&m=100134989121896&w=2 on the Linux kernel mailing list, to my knowledge such closed modules either do not exist or have not been released.

I view this as similar to Linux permitting proprietary applications (e.g. Netscape Navigator, Oracle, DB2, Lotus Domino, Word Perfect). LSM modules are applications for the kernel, and NOT core OS infrastructure. If a powerful security module was to be a core part of Linux, then Linus would have selected and accepted one/some. He explicitly did not. So these security features must be maintained separate from Linux, just as applications are.

What do I want: Greg has graciously rolled back his Sunday patch with the license comment. I want it to stay that way. Any changes regarding policy towards binary modules should be made by Linus and apply to the Linux kernel as a whole, and not be special to LSM.

Crispin

--
Crispin Cowan, Ph.D.
Chief Scientist, WireX Communications, Inc. http://wirex.com
Security Hardened Linux Distribution: http://immunix.org
Available for purchase: http://wirex.com/Products/Immunix/purchase.html
This archive was generated by hypermail 2b30 : Mon Sep 24 2001 - 12:37:54 PDT