Re: [RFC PATCH] MAINTAINERS: add an explicit credentials entry
From: Paul Moore <paul@paul-moore.com>
Date: 2025-03-10 20:29:40
Also in:
lkml
On Sun, Mar 9, 2025 at 7:12 AM Günther Noack [off-list ref] wrote:
Hello Paul and Serge!

On Tue, Mar 04, 2025 at 05:23:05PM -0500, Paul Moore wrote:
The lack of an explicit credential (kernel/cred.c) entry has caused confusion in the past among new, and not-so-new developers, about where to send credential patches for discussion and merging. Those patches that are sent can often rot on the mailing lists for months as there is no clear maintainer tasked with reviewing and merging patches. I'm volunteering for the cred maintainer role to try and reduce the confusion and help cred patches find their way up to Linus' tree. As there generally aren't a lot of cred patches I'll start with simply folding them into the LSM tree, but if this changes I'll setup a dedicated cred tree. Signed-off-by: Paul Moore <paul@paul-moore.com> --- MAINTAINERS | 8 ++++++++ 1 file changed, 8 insertions(+)diff --git a/MAINTAINERS b/MAINTAINERS index 896a307fa065..68e4656c15ea 100644 --- a/MAINTAINERS +++ b/MAINTAINERS@@ -6139,6 +6139,14 @@ L: linux-input@vger.kernel.org S: Maintained F: drivers/hid/hid-creative-sb0540.c +CREDENTIALS +M: Paul Moore <paul@paul-moore.com> +L: linux-security-module@vger.kernel.org +S: Supported +T: git https://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/lsm.git +F: include/linux/cred.h +F: kernel/cred.cMaybe also add the documentation: +F: Documentation/security/credentials.rst This documents the prepare_creds()/commit_creds()/abort_creds() "transactional" API that tasks should use to change credentials.
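Review bot: The F: lines that close the new CREDENTIALS entry match only include/linux/cred.h and kernel/cred.c, so a patch that touches only the credentials documentation would not be routed to this entry by path. Consider adding `F: Documentation/security/credentials.rst` to the same entry, as the reply quoted above suggests, unless that line is added by a separate patch.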
Thanks. Serge already posted a patch to add the doc page, we should be all set.
Acked-by: Günther Noack <redacted>

Thank you both for stepping up to establish a clearer ownership for credentials! There is a need for authoritative decisions in that area, and it has been difficult to find the right contacts for credentials on earlier patches as well, such as:

https://lore.kernel.org/all/20240805-remove-cred-transfer-v2-0-a2aa1d45e6b8@google.com/
(patch by Jann Horn: "get rid of cred_transfer")

https://lore.kernel.org/all/20250221184417.27954-2-gnoack3000@gmail.com/
(patch by me, multithreaded Landlock enablement)
Yeah, the cred_transfer/keyctl issue is particularly nasty and needs to be revisited. If memory serves there was still a compatibility issue with Jann's patch, but we may want to consider merging that into -next just to see if userspace still cares. It's on my todo list to take a closer look when I have the time.

--
paul-moore.com