Hello,
It's a great job, but I got a licensing issue: (Due to my job I have to
scrutinize Legal implications of source codes first)
SE-Postgresql uses libselinux,
libselinux tends to be in Public domain, serving as an interface for
selinux modules in kernel (which is GPL)
the problem is in libselinux/src/avc.c
http://userspace.selinuxproject.org/trac/browser/libselinux/src/avc.c
the author: Eamon Walsh
with the National Computer Security Center (the NSA)
indicated this file is "Derived" from kernel AVC (which is GPL v 2.1)
_____________________________________________________________
/*
* Implementation of the userspace access vector cache (AVC).
*
* Author : Eamon Walsh <ewalsh@xxxxxxxxxxxxxx>
*
* Derived from the kernel AVC implementation by
* Stephen Smalley <sds@xxxxxxxxxxxxxx> and
* James Morris <jmorris@xxxxxxxxxx>.
*/
_____________________________________________________________
The term "Derived" has legal implication, any derivative works of GPL
code should be GPL (the kernel avc is licensed under GPL v 2.1)
To me that file is much like a re-implementation of AVC for libselinux,
it is obvious for interfacing userspace with kernel module you need to
follow the structures of what you actually interface with (in this case
it could be interpreted as original work)
Although due to Legal requirements I have to consider author claims as
well, and the Author clearly indicated it is a derivative work,
If we consider the author claim then libselinux falls into GPL license
category anything dynamically or statically linked to it should be
released under GPL license then, That would make se-postgresql license
inappropriate which is using postgresql license (actually is a BSD-like
license and is less restrictive license than GPL).
Please shed some light on this issue,
Thanks
Best Regards,
Patrick K.
On 1/31/2011 3:13 AM, KaiGai Kohei wrote:
A few days ago, a tiny initial version of SE-PostgreSQL got merged
in the v9.1 development cycle at this commit: http://bit.ly/gF2QPQ
Although it omits various features which I planned at first, it
seems to me an ambitious first step.
PostgreSQL has shifted to provide a set of facilities to implement
label based mandatory access control, such as security label support
on database objects or security hooks being available for plug-in
modules.
The current version of SE-PostgreSQL is implemented as a plugin
module that utilizes these hooks (but only a limited places are
covered), then it asks SELinux in kernel whether the required
access shall be allowed, or not.
In the next development, I'd like to expand its access control coverage
using more fine grained security hooks. Right now, DDL permissions are
restrictions. Also, row-level security is in-progress feature.
I have much things to do for the v9.2 or v9.3, however, I'd like to
appreciate people who have given me many feedbacks since 2006
Thanks,
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
