* [RFC PATCH] MAINTAINERS: add an explicit credentials entry @ 2025-03-04 22:23 Paul Moore 2025-03-07 17:13 ` Paul Moore 2025-03-09 11:12 ` Günther Noack 0 siblings, 2 replies; 6+ messages in thread From: Paul Moore @ 2025-03-04 22:23 UTC (permalink / raw) To: linux-kernel, linux-security-module The lack of an explicit credential (kernel/cred.c) entry has caused confusion in the past among new, and not-so-new developers, about where to send credential patches for discussion and merging. Those patches that are sent can often rot on the mailing lists for months as there is no clear maintainer tasked with reviewing and merging patches. I'm volunteering for the cred maintainer role to try and reduce the confusion and help cred patches find their way up to Linus' tree. As there generally aren't a lot of cred patches I'll start with simply folding them into the LSM tree, but if this changes I'll setup a dedicated cred tree. Signed-off-by: Paul Moore <paul@paul-moore.com> --- MAINTAINERS | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/MAINTAINERS b/MAINTAINERS index 896a307fa065..68e4656c15ea 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -6139,6 +6139,14 @@ L: linux-input@vger.kernel.org S: Maintained F: drivers/hid/hid-creative-sb0540.c +CREDENTIALS +M: Paul Moore <paul@paul-moore.com> +L: linux-security-module@vger.kernel.org +S: Supported +T: git https://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/lsm.git +F: include/linux/cred.h +F: kernel/cred.c + INTEL CRPS COMMON REDUNDANT PSU DRIVER M: Ninad Palsule <ninad@linux.ibm.com> L: linux-hwmon@vger.kernel.org -- 2.48.1 ^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [RFC PATCH] MAINTAINERS: add an explicit credentials entry 2025-03-04 22:23 [RFC PATCH] MAINTAINERS: add an explicit credentials entry Paul Moore @ 2025-03-07 17:13 ` Paul Moore 2025-03-08 2:47 ` sergeh 2025-03-09 11:12 ` Günther Noack 1 sibling, 1 reply; 6+ messages in thread From: Paul Moore @ 2025-03-07 17:13 UTC (permalink / raw) To: linux-kernel, linux-security-module On Tue, Mar 4, 2025 at 5:23 PM Paul Moore <paul@paul-moore.com> wrote: > > The lack of an explicit credential (kernel/cred.c) entry has caused > confusion in the past among new, and not-so-new developers, about where > to send credential patches for discussion and merging. Those patches > that are sent can often rot on the mailing lists for months as there > is no clear maintainer tasked with reviewing and merging patches. > > I'm volunteering for the cred maintainer role to try and reduce the > confusion and help cred patches find their way up to Linus' tree. As > there generally aren't a lot of cred patches I'll start with simply > folding them into the LSM tree, but if this changes I'll setup a > dedicated cred tree. > > Signed-off-by: Paul Moore <paul@paul-moore.com> > --- > MAINTAINERS | 8 ++++++++ > 1 file changed, 8 insertions(+) I haven't seen any objections, or any other volunteers, so I'm going to go ahead and merge this to send up to Linus during the upcoming merge window. > diff --git a/MAINTAINERS b/MAINTAINERS > index 896a307fa065..68e4656c15ea 100644 > --- a/MAINTAINERS > +++ b/MAINTAINERS > @@ -6139,6 +6139,14 @@ L: linux-input@vger.kernel.org > S: Maintained > F: drivers/hid/hid-creative-sb0540.c > > +CREDENTIALS > +M: Paul Moore <paul@paul-moore.com> > +L: linux-security-module@vger.kernel.org > +S: Supported > +T: git https://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/lsm.git > +F: include/linux/cred.h > +F: kernel/cred.c > + > INTEL CRPS COMMON REDUNDANT PSU DRIVER > M: Ninad Palsule <ninad@linux.ibm.com> > L: linux-hwmon@vger.kernel.org > -- > 2.48.1 -- paul-moore.com ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [RFC PATCH] MAINTAINERS: add an explicit credentials entry 2025-03-07 17:13 ` Paul Moore @ 2025-03-08 2:47 ` sergeh 2025-03-08 17:01 ` Paul Moore 0 siblings, 1 reply; 6+ messages in thread From: sergeh @ 2025-03-08 2:47 UTC (permalink / raw) To: Paul Moore; +Cc: linux-kernel, linux-security-module On Fri, Mar 07, 2025 at 12:13:08PM -0500, Paul Moore wrote: > On Tue, Mar 4, 2025 at 5:23 PM Paul Moore <paul@paul-moore.com> wrote: > > > > The lack of an explicit credential (kernel/cred.c) entry has caused > > confusion in the past among new, and not-so-new developers, about where > > to send credential patches for discussion and merging. Those patches > > that are sent can often rot on the mailing lists for months as there > > is no clear maintainer tasked with reviewing and merging patches. > > > > I'm volunteering for the cred maintainer role to try and reduce the > > confusion and help cred patches find their way up to Linus' tree. As > > there generally aren't a lot of cred patches I'll start with simply > > folding them into the LSM tree, but if this changes I'll setup a > > dedicated cred tree. > > > > Signed-off-by: Paul Moore <paul@paul-moore.com> > > --- > > MAINTAINERS | 8 ++++++++ > > 1 file changed, 8 insertions(+) > > I haven't seen any objections, or any other volunteers, so I'm going > to go ahead and merge this to send up to Linus during the upcoming > merge window. Sorry, I managed to not take my personal laptop charger with me on a trip this week, fell behind. I'm very happy with you as the maintainer, but I do volunteer to try and step in here, if that works. > > diff --git a/MAINTAINERS b/MAINTAINERS > > index 896a307fa065..68e4656c15ea 100644 > > --- a/MAINTAINERS > > +++ b/MAINTAINERS > > @@ -6139,6 +6139,14 @@ L: linux-input@vger.kernel.org > > S: Maintained > > F: drivers/hid/hid-creative-sb0540.c > > > > +CREDENTIALS > > +M: Paul Moore <paul@paul-moore.com> > > +L: linux-security-module@vger.kernel.org > > +S: Supported > > +T: git https://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/lsm.git > > +F: include/linux/cred.h > > +F: kernel/cred.c > > + > > INTEL CRPS COMMON REDUNDANT PSU DRIVER > > M: Ninad Palsule <ninad@linux.ibm.com> > > L: linux-hwmon@vger.kernel.org > > -- > > 2.48.1 > > -- > paul-moore.com ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [RFC PATCH] MAINTAINERS: add an explicit credentials entry 2025-03-08 2:47 ` sergeh @ 2025-03-08 17:01 ` Paul Moore 0 siblings, 0 replies; 6+ messages in thread From: Paul Moore @ 2025-03-08 17:01 UTC (permalink / raw) To: sergeh; +Cc: linux-kernel, linux-security-module On Fri, Mar 7, 2025 at 9:47 PM <sergeh@kernel.org> wrote: > On Fri, Mar 07, 2025 at 12:13:08PM -0500, Paul Moore wrote: > > On Tue, Mar 4, 2025 at 5:23 PM Paul Moore <paul@paul-moore.com> wrote: > > > > > > The lack of an explicit credential (kernel/cred.c) entry has caused > > > confusion in the past among new, and not-so-new developers, about where > > > to send credential patches for discussion and merging. Those patches > > > that are sent can often rot on the mailing lists for months as there > > > is no clear maintainer tasked with reviewing and merging patches. > > > > > > I'm volunteering for the cred maintainer role to try and reduce the > > > confusion and help cred patches find their way up to Linus' tree. As > > > there generally aren't a lot of cred patches I'll start with simply > > > folding them into the LSM tree, but if this changes I'll setup a > > > dedicated cred tree. > > > > > > Signed-off-by: Paul Moore <paul@paul-moore.com> > > > --- > > > MAINTAINERS | 8 ++++++++ > > > 1 file changed, 8 insertions(+) > > > > I haven't seen any objections, or any other volunteers, so I'm going > > to go ahead and merge this to send up to Linus during the upcoming > > merge window. > > Sorry, I managed to not take my personal laptop charger with me > on a trip this week, fell behind. > > I'm very happy with you as the maintainer, but I do volunteer to > try and step in here, if that works. Thanks. Send a patch adding yourself as either a maintainer or reviewer, whichever you prefer, and I'll happily merge it. For reference, I've merged the patch in this thread into the lsm/dev tree. -- paul-moore.com ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [RFC PATCH] MAINTAINERS: add an explicit credentials entry 2025-03-04 22:23 [RFC PATCH] MAINTAINERS: add an explicit credentials entry Paul Moore 2025-03-07 17:13 ` Paul Moore @ 2025-03-09 11:12 ` Günther Noack 2025-03-10 20:29 ` Paul Moore 1 sibling, 1 reply; 6+ messages in thread From: Günther Noack @ 2025-03-09 11:12 UTC (permalink / raw) To: Paul Moore; +Cc: linux-kernel, linux-security-module Hello Paul and Serge! On Tue, Mar 04, 2025 at 05:23:05PM -0500, Paul Moore wrote: > The lack of an explicit credential (kernel/cred.c) entry has caused > confusion in the past among new, and not-so-new developers, about where > to send credential patches for discussion and merging. Those patches > that are sent can often rot on the mailing lists for months as there > is no clear maintainer tasked with reviewing and merging patches. > > I'm volunteering for the cred maintainer role to try and reduce the > confusion and help cred patches find their way up to Linus' tree. As > there generally aren't a lot of cred patches I'll start with simply > folding them into the LSM tree, but if this changes I'll setup a > dedicated cred tree. > > Signed-off-by: Paul Moore <paul@paul-moore.com> > --- > MAINTAINERS | 8 ++++++++ > 1 file changed, 8 insertions(+) > > diff --git a/MAINTAINERS b/MAINTAINERS > index 896a307fa065..68e4656c15ea 100644 > --- a/MAINTAINERS > +++ b/MAINTAINERS > @@ -6139,6 +6139,14 @@ L: linux-input@vger.kernel.org > S: Maintained > F: drivers/hid/hid-creative-sb0540.c > > +CREDENTIALS > +M: Paul Moore <paul@paul-moore.com> > +L: linux-security-module@vger.kernel.org > +S: Supported > +T: git https://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/lsm.git > +F: include/linux/cred.h > +F: kernel/cred.c Maybe also add the documentation: +F: Documentation/security/credentials.rst This documents the prepare_creds()/commit_creds()/abort_creds() "transactional" API that tasks should use to change credentials. > + > INTEL CRPS COMMON REDUNDANT PSU DRIVER > M: Ninad Palsule <ninad@linux.ibm.com> > L: linux-hwmon@vger.kernel.org > -- > 2.48.1 > Acked-by: Günther Noack <gnoack3000@gmail.com> Thank you both for stepping up to establish a clearer ownership for credentials! There is a need for authoritative decisions in that area, and it has been difficult to find the right contacts for credentials on earlier patches as well, such as: https://lore.kernel.org/all/20240805-remove-cred-transfer-v2-0-a2aa1d45e6b8@google.com/ (patch by Jann Horn: "get rid of cred_transfer") https://lore.kernel.org/all/20250221184417.27954-2-gnoack3000@gmail.com/ (patch by me, multithreaded Landlock enablement) Thanks, –Günther ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [RFC PATCH] MAINTAINERS: add an explicit credentials entry 2025-03-09 11:12 ` Günther Noack @ 2025-03-10 20:29 ` Paul Moore 0 siblings, 0 replies; 6+ messages in thread From: Paul Moore @ 2025-03-10 20:29 UTC (permalink / raw) To: Günther Noack; +Cc: linux-kernel, linux-security-module On Sun, Mar 9, 2025 at 7:12 AM Günther Noack <gnoack3000@gmail.com> wrote: > > Hello Paul and Serge! > > On Tue, Mar 04, 2025 at 05:23:05PM -0500, Paul Moore wrote: > > The lack of an explicit credential (kernel/cred.c) entry has caused > > confusion in the past among new, and not-so-new developers, about where > > to send credential patches for discussion and merging. Those patches > > that are sent can often rot on the mailing lists for months as there > > is no clear maintainer tasked with reviewing and merging patches. > > > > I'm volunteering for the cred maintainer role to try and reduce the > > confusion and help cred patches find their way up to Linus' tree. As > > there generally aren't a lot of cred patches I'll start with simply > > folding them into the LSM tree, but if this changes I'll setup a > > dedicated cred tree. > > > > Signed-off-by: Paul Moore <paul@paul-moore.com> > > --- > > MAINTAINERS | 8 ++++++++ > > 1 file changed, 8 insertions(+) > > > > diff --git a/MAINTAINERS b/MAINTAINERS > > index 896a307fa065..68e4656c15ea 100644 > > --- a/MAINTAINERS > > +++ b/MAINTAINERS > > @@ -6139,6 +6139,14 @@ L: linux-input@vger.kernel.org > > S: Maintained > > F: drivers/hid/hid-creative-sb0540.c > > > > +CREDENTIALS > > +M: Paul Moore <paul@paul-moore.com> > > +L: linux-security-module@vger.kernel.org > > +S: Supported > > +T: git https://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/lsm.git > > +F: include/linux/cred.h > > +F: kernel/cred.c > > Maybe also add the documentation: > > +F: Documentation/security/credentials.rst > > This documents the prepare_creds()/commit_creds()/abort_creds() > "transactional" API that tasks should use to change credentials. Thanks. Serge already posted a patch to add the doc page, we should be all set. > Acked-by: Günther Noack <gnoack3000@gmail.com> > > Thank you both for stepping up to establish a clearer ownership for > credentials! There is a need for authoritative decisions in that > area, and it has been difficult to find the right contacts for > credentials on earlier patches as well, such as: > > https://lore.kernel.org/all/20240805-remove-cred-transfer-v2-0-a2aa1d45e6b8@google.com/ > (patch by Jann Horn: "get rid of cred_transfer") > > https://lore.kernel.org/all/20250221184417.27954-2-gnoack3000@gmail.com/ > (patch by me, multithreaded Landlock enablement) Yeah, the cred_transfer/keyctl issue is particularly nasty and needs to be revisited. If memory serves there was still a compatibility issue with Jann's patch, but we may want to consider merging that into -next just to see if userspace still cares. It's on my todo list to take a closer look when I have the time. -- paul-moore.com ^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2025-03-10 20:29 UTC | newest] Thread overview: 6+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2025-03-04 22:23 [RFC PATCH] MAINTAINERS: add an explicit credentials entry Paul Moore 2025-03-07 17:13 ` Paul Moore 2025-03-08 2:47 ` sergeh 2025-03-08 17:01 ` Paul Moore 2025-03-09 11:12 ` Günther Noack 2025-03-10 20:29 ` Paul Moore
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).