Received: by 2002:a05:6a10:a0d1:0:0:0:0 with SMTP id j17csp523770pxa; Wed, 12 Aug 2020 07:49:06 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwT5iF23hjEXV8h29kVwwwMNgA7Z9x+YHeWNlkV3az6dTtwdhM0ZxJk/N8UgLO33+yu5HPX X-Received: by 2002:a50:fa94:: with SMTP id w20mr291722edr.82.1597243745894; Wed, 12 Aug 2020 07:49:05 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1597243745; cv=none; d=google.com; s=arc-20160816; b=csAhvoKYdZtm4sIXo/xug2hTaQPUT5gmX7v6Z2bevlVE9pNhqRXr8120Tm0FbraWUc 9IHunQofv/IeUGO5Tot9o087eVs3cYKrmjdUrgmcmn3bPKMbz3Q56i8cAy7BcopnxrAT XROuH88AP6sfigLi37F6oL3S/HHmgIkw3e5Obtqq1l1iN3LGa0t3Wn5Ssrlik1pkTMWk yFqWkAhWePDTcOuzaYjg4s59mBmBu7U/+LB5KEDVwfaI+uq3aKjvDSqxjb56B9rdAmDF 0g9iFvCpgWMoyIjmptCdLLmdiqW9PjALt7JBYn9bRNTf4ful1ZnvZtHmlLkDq8ZdD5Lb UlLA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:to:references:message-id :content-transfer-encoding:cc:date:in-reply-to:from:subject :mime-version:dkim-signature; bh=kQOJV8hQKKWi1Q4IBwonjxI4nlnYdAyxL48CghY2b34=; b=xuhoEHot5KNOMqvFD34LsmnA9zZZIUMkwgp4mhl/w/k3Ge2ICQZeq4pKFVUAkqBJk+ w01SzHZRLLWjnDDSNjSykPJa+ywfHgVIpLwweEejbu/j6Ipj8jJAwTPe0qY8tERBlEGe b+bCuKOmP33rj4CYh2j2YQ9c8HrLqn/knuRrNwzIVIYj6EIEm91shbA44TPAOqF5ewHx n5/zxaKhbHhtPx0BhbXVMpaGc52o+dPpO23fkgWApNbxyxCVU7dZkVQMs/McUMCJb8O1 tQl9pillwtP47oNgiHxv3ehcwfjsXn9q0XzhNmsQ8zpRyuxHoSQ8yU1TndSZqe4wgAi7 4twQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=HGQFwkMB; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id x6si1643367ede.204.2020.08.12.07.48.42; Wed, 12 Aug 2020 07:49:05 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=HGQFwkMB; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726660AbgHLOqB (ORCPT + 99 others); Wed, 12 Aug 2020 10:46:01 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49038 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726485AbgHLOqB (ORCPT ); Wed, 12 Aug 2020 10:46:01 -0400 Received: from mail-il1-x142.google.com (mail-il1-x142.google.com [IPv6:2607:f8b0:4864:20::142]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id F3492C061383; Wed, 12 Aug 2020 07:46:00 -0700 (PDT) Received: by mail-il1-x142.google.com with SMTP id p13so1858958ilh.4; Wed, 12 Aug 2020 07:46:00 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=kQOJV8hQKKWi1Q4IBwonjxI4nlnYdAyxL48CghY2b34=; b=HGQFwkMBI0qZO7MrD0rp1rh/DwuatULSWC/TiTjc9FpR639vDt8wLod16lHEAgWVXH XY/Olcv9YPJYu5mbQ//6e/+4DgrFb2uQNUoGS3NSOjDW3Z+GX1guEJ8A5V/+WuogzmwZ qKc9hbiTlyrh/T0KKY6Y9dDr4uMbK6x4uLivHygeyGF1RnzfICFM6Jk8oc+wvWnk+Xjc 2yv81izp0yfN4CzEpLu8fNlunwIjjUt2c7fono233rGNqbuOlrCVp/N8zDYXr/Ob99Jm eUwgbm0s0S5ZhVeIpen7HznxUNNDmhXFS1QDH9omiN2bvck9akJvRUz2WQEpMvLM1v0S B8wg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=kQOJV8hQKKWi1Q4IBwonjxI4nlnYdAyxL48CghY2b34=; b=D8wUSmkNZBxuObflQKSY2ViJdaFvyC4PJTzq7KHd58X7fgXUNyWukWM3fcV5KvNUVO mopMHZPCFVxumKI0i8shEBsY1BX3Wjn6kV+0rDxEHXbCzFuV+NhHihjNwKAgho+3J7iv 6US6gTMsTKBamXTqfPoCB92YUMHtZFgjGOYkll/lSQjWNrPb44f3tPEoCGWiKgdKNM1l feTGsWSRKqcCgD3Sx25TrXtI02/8QAHbLVfp4F3VW2zRmZWuK1JScA0FLqZWoUy1kCNK tdOnZ5rJr8xW85KX9axb22EGe+U2tuPuFwCYo1R9NYisG4H/4Q+rOGuCMhhprGTlSrZf so4w== X-Gm-Message-State: AOAM530tDB9lArvmlVVkc5LxQI7Grm74UttCcwlOHEA1tH0Py1Poc6Z4 5rI92Mj0qTvS4QtA/rmpSyw= X-Received: by 2002:a92:6d0c:: with SMTP id i12mr8272ilc.37.1597243558796; Wed, 12 Aug 2020 07:45:58 -0700 (PDT) Received: from anon-dhcp-152.1015granger.net (c-68-61-232-219.hsd1.mi.comcast.net. [68.61.232.219]) by smtp.gmail.com with ESMTPSA id k14sm1089731ion.17.2020.08.12.07.45.56 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Wed, 12 Aug 2020 07:45:57 -0700 (PDT) Content-Type: text/plain; charset=us-ascii Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.80.23.2.2\)) Subject: Re: [dm-devel] [RFC PATCH v5 00/11] Integrity Policy Enforcement LSM (IPE) From: Chuck Lever In-Reply-To: <1597159969.4325.21.camel@HansenPartnership.com> Date: Wed, 12 Aug 2020 10:45:56 -0400 Cc: Mimi Zohar , James Morris , Deven Bowers , Pavel Machek , Sasha Levin , snitzer@redhat.com, dm-devel@redhat.com, tyhicks@linux.microsoft.com, agk@redhat.com, Paul Moore , Jonathan Corbet , nramas@linux.microsoft.com, serge@hallyn.com, pasha.tatashin@soleen.com, Jann Horn , linux-block@vger.kernel.org, Al Viro , Jens Axboe , mdsakib@microsoft.com, open list , eparis@redhat.com, linux-security-module@vger.kernel.org, linux-audit@redhat.com, linux-fsdevel , linux-integrity@vger.kernel.org, jaskarankhurana@linux.microsoft.com Content-Transfer-Encoding: quoted-printable Message-Id: <20F82AFA-D0AC-479B-AB1D-0D354AE19498@gmail.com> References: <20200728213614.586312-1-deven.desai@linux.microsoft.com> <20200802115545.GA1162@bug> <20200802140300.GA2975990@sasha-vm> <20200802143143.GB20261@amd> <1596386606.4087.20.camel@HansenPartnership.com> <1596639689.3457.17.camel@HansenPartnership.com> <329E8DBA-049E-4959-AFD4-9D118DEB176E@gmail.com> <1597073737.3966.12.camel@HansenPartnership.com> <6E907A22-02CC-42DD-B3CD-11D304F3A1A8@gmail.com> <1597124623.30793.14.camel@HansenPartnership.com> <16C3BF97-A7D3-488A-9D26-7C9B18AD2084@gmail.com> <1597159969.4325.21.camel@HansenPartnership.com> To: James Bottomley X-Mailer: Apple Mail (2.3608.80.23.2.2) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org > On Aug 11, 2020, at 11:32 AM, James Bottomley = wrote: >=20 > On Tue, 2020-08-11 at 10:48 -0400, Chuck Lever wrote: >>> On Aug 11, 2020, at 1:43 AM, James Bottomley >>> wrote: >>> On Mon, 2020-08-10 at 19:36 -0400, Chuck Lever wrote: > [...] >>>> Thanks for the help! I just want to emphasize that documentation >>>> (eg, a specification) will be critical for remote filesystems. >>>>=20 >>>> If any of this is to be supported by a remote filesystem, then we >>>> need an unencumbered description of the new metadata format >>>> rather than code. GPL-encumbered formats cannot be contributed to >>>> the NFS standard, and are probably difficult for other >>>> filesystems that are not Linux-native, like SMB, as well. >>>=20 >>> I don't understand what you mean by GPL encumbered formats. The >>> GPL is a code licence not a data or document licence. >>=20 >> IETF contributions occur under a BSD-style license incompatible >> with the GPL. >>=20 >> https://trustee.ietf.org/trust-legal-provisions.html >>=20 >> Non-Linux implementers (of OEM storage devices) rely on such >> standards processes to indemnify them against licensing claims. >=20 > Well, that simply means we won't be contributing the Linux > implementation, right? At the present time, there is nothing but the Linux implementation. There's no English description, there's no specification of the formats, the format is described only by source code. The only way to contribute current IMA metadata formats to an open standards body like the IETF is to look at encumbered code first. We would effectively be contributing an implementation in this case. (I'm not saying the current formats should or should not be contributed; merely that there is a legal stumbling block to doing so that can be avoided for newly defined formats). > Well, let me put the counterpoint: I can write a book about how linux > device drivers work (which includes describing the data formats) Our position is that someone who reads that book and implements those formats under a non-GPL-compatible license would be in breach of the GPL. The point of the standards process is to indemnify implementing and distributing under _any_ license what has been published by the standards body. That legally enables everyone to use the published protocol/format in their own code no matter how it happens to be licensed. > Fine, good grief, people who take a sensible view of this can write = the > data format down and publish it under any licence you like then you = can > pick it up again safely. That's what I proposed. Write it down under the IETF Trust legal provisions license. And I volunteered to do that. All I'm saying is that description needs to come before code. -- Chuck Lever chucklever@gmail.com