On Mon, Sep 24, 2001 at 12:36:06PM -0700, Crispin Cowan wrote: > LSM was proposed as an enhancement to the existing LKM (Loadable Kernel > Module) interface. As such, I thought it was implicit, if not obvious, > that LSM would not change the current licensing practices for LKMs. > Current practice discourages closed source modules, but permits them if > they do not require modification to the kernel to run, as helpfully > pointed out by Richard Offer in his citation to "Linux Device Drivers, > 2nd ed, O'Reilly, p12". Yes, and as he also helpfully pointed out, that verbage is not listed in the kernel source tree anywhere. Talk to your lawyer about this, I know I have :) > I view this as similar to Linux permitting proprietary applications > (e.g. Netscape Navigator, Oracle, DB2, Lotus Domino, Word Perfect). LSM > modules are applications for the kernel, and NOT core OS infrastructure. > If a powerful security module was to be a core part of Linux, then Linus > would have selected and accepted one/some. He explicitly did not. So > these security features must be maintained separate from Linux, just as > applications are. NO! Have you actually _read_ the file COPYING in the kernel tree? Please go do so now. There is _huge_ difference between applications using the kernel syscalls and a kernel module. If you don't understand that, please go read some books about the Linux kernel internals before responding. And also go look at the manpage for insmod(8) please. It says: "insmod tries to link a module into the running kernel..." If you can execute a kernel module on your own, without linking into the kernel, then feel free to :) > What do I want: Greg has graciously rolled back his Sunday patch with > the license comment. I want it to stay that way. Any changes regarding > policy towards binary modules should be made by Linus and apply to the > Linux kernel as a whole, and not be special to LSM. Again, no. We have to confront this in the LSM now due to you stating that one of the goals of the project is to enable closed source security kernel modules. Because of that, my odds are that this patch will not be accepted. Please go read the linux-kernel archives about things like this in the past. And we are allowed to make our own policy, such as this "valid licensed code only" due to the structure of the kernel. Other subsystems are going to do the same thing for 2.5 (IDE for sure, others will follow.) We are going to have a hard enough time getting this patch accepted into the kernel without having to deal with the licensing issue that you have expressed. I can not defend that to anyone, and I welcome anyone else to try to defend this position with any kernel developer, including Linus. "Include this patch so we can make binary modules, please?", isn't going to get you very far :) Three of the four copyright owners of the security.h file have agreed to this change. Please reconsider your stance, for the sake of the project. thanks, greg k-h _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Mon Sep 24 2001 - 13:58:46 PDT