On Sat, 26 Oct 2002, Russell Coker wrote: > How is writing a proprietary LSM kernel module any different from any other > proprietary kernel module? See Linus' statements at http://marc.theaimsgroup.com/?l=linux-kernel&m=103487469728730&w=2 and http://marc.theaimsgroup.com/?l=linux-kernel&m=103487582630213&w=2. As he explains, non-GPL modules were for pre-existing works of code (e.g. drivers, filesystems) ported from other operating systems that could be clearly argued to not be derived works of the Linux kernel. He also notes that the limited export table acted somewhat as a barrier to separate such modules from the kernel. Most (all?) of the LSM-based security modules were originally implemented as Linux kernel patches, sometimes with a separate module, but that module still had to be GPL'd since it depended on a kernel patch. Furthermore, at least some security modules contain code that is clearly derived from the Linux kernel (e.g. variants of d_path for reconstructing pathnames, code for flushing unauthorized descriptors on a domain-changing execve, etc). The LSM patch significantly extends the kernel's exported interface, and most of the kernel developers only seem willing to tolerate LSM if the interface is explicitly noted to be restricted to GPL-only modules. -- Stephen D. Smalley, NAI Labs ssmalleyat_private _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Mon Oct 28 2002 - 04:42:32 PST