[PATCH] MAINTAINERS: Add security/Kconfig.hardening to hardening section

Nathan Chancellor posted 1 patch 2 months ago
MAINTAINERS | 1 +
1 file changed, 1 insertion(+)
[PATCH] MAINTAINERS: Add security/Kconfig.hardening to hardening section
Posted by Nathan Chancellor 2 months ago
When running get_maintainer.pl on security/Kconfig.hardening, only the
security subsystem folks show up, even though they have never taken
patches to this file:

  $ scripts/get_maintainer.pl security/Kconfig.hardening
  Paul Moore <...> (supporter:SECURITY SUBSYSTEM)
  James Morris <...> (supporter:SECURITY SUBSYSTEM)
  "Serge E. Hallyn" <...> (supporter:SECURITY SUBSYSTEM)
  linux-security-module@vger.kernel.org (open list:SECURITY SUBSYSTEM)
  linux-kernel@vger.kernel.org (open list)

  $ git log --format=%cn --no-merges security/Kconfig.hardening | sort | uniq -c
        3 Andrew Morton
        1 Greg Kroah-Hartman
       18 Kees Cook
        2 Linus Torvald

Add it to the hardening section so that the KSPP folks are also shown,
which matches reality over who should comment on and take said patches
if necessary.

Signed-off-by: Nathan Chancellor <nathan@kernel.org>
---
 MAINTAINERS | 1 +
 1 file changed, 1 insertion(+)

diff --git a/MAINTAINERS b/MAINTAINERS
index 36c0af94cf0861904ddb6922bb0405b353fd33b6..d117d06d385f4d51221c7302c39869911d270058 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -12151,6 +12151,7 @@ F:	include/linux/randomize_kstack.h
 F:	kernel/configs/hardening.config
 F:	lib/usercopy_kunit.c
 F:	mm/usercopy.c
+F:	security/Kconfig.hardening
 K:	\b(add|choose)_random_kstack_offset\b
 K:	\b__check_(object_size|heap_object)\b
 K:	\b__counted_by\b

---
base-commit: c00ac1f9fd7bfe87ff17b7a85f23118f3a3f0af2
change-id: 20240928-maintainers-security-kconfig-hardening-7e70aa73171b

Best regards,
-- 
Nathan Chancellor <nathan@kernel.org>
Re: [PATCH] MAINTAINERS: Add security/Kconfig.hardening to hardening section
Posted by Paul Moore 1 month, 4 weeks ago
On September 28, 2024 8:26:28 PM Nathan Chancellor <nathan@kernel.org> wrote:
> When running get_maintainer.pl on security/Kconfig.hardening, only the
> security subsystem folks show up, even though they have never taken
> patches to this file:
>
>  $ scripts/get_maintainer.pl security/Kconfig.hardening
>  Paul Moore <...> (supporter:SECURITY SUBSYSTEM)
>  James Morris <...> (supporter:SECURITY SUBSYSTEM)
>  "Serge E. Hallyn" <...> (supporter:SECURITY SUBSYSTEM)
>  linux-security-module@vger.kernel.org (open list:SECURITY SUBSYSTEM)
>  linux-kernel@vger.kernel.org (open list)
>
>  $ git log --format=%cn --no-merges security/Kconfig.hardening | sort | uniq -c
>        3 Andrew Morton
>        1 Greg Kroah-Hartman
>       18 Kees Cook
>        2 Linus Torvald
>
> Add it to the hardening section so that the KSPP folks are also shown,
> which matches reality over who should comment on and take said patches
> if necessary.
>
> Signed-off-by: Nathan Chancellor <nathan@kernel.org>
> ---
> MAINTAINERS | 1 +
> 1 file changed, 1 insertion(+)

For the sake of casual observers, the reason James, Serge, or I haven't 
merged anything in Kconfig.hardening isn't due to any malicious intent or 
lack of appreciation, rather it is out of respect for KSPP and not wanting 
to step on Kees' toes.  I've happily merged KSPP related patches to those 
subsystems which I'm tasked with looking after and I plan to continue to do so.

--
paul-moore.com
Re: [PATCH] MAINTAINERS: Add security/Kconfig.hardening to hardening section
Posted by Nathan Chancellor 1 month, 4 weeks ago
On Sun, Sep 29, 2024 at 10:20:59PM +0200, Paul Moore wrote:
> On September 28, 2024 8:26:28 PM Nathan Chancellor <nathan@kernel.org> wrote:
> > When running get_maintainer.pl on security/Kconfig.hardening, only the
> > security subsystem folks show up, even though they have never taken
> > patches to this file:
> > 
> >  $ scripts/get_maintainer.pl security/Kconfig.hardening
> >  Paul Moore <...> (supporter:SECURITY SUBSYSTEM)
> >  James Morris <...> (supporter:SECURITY SUBSYSTEM)
> >  "Serge E. Hallyn" <...> (supporter:SECURITY SUBSYSTEM)
> >  linux-security-module@vger.kernel.org (open list:SECURITY SUBSYSTEM)
> >  linux-kernel@vger.kernel.org (open list)
> > 
> >  $ git log --format=%cn --no-merges security/Kconfig.hardening | sort | uniq -c
> >        3 Andrew Morton
> >        1 Greg Kroah-Hartman
> >       18 Kees Cook
> >        2 Linus Torvald
> > 
> > Add it to the hardening section so that the KSPP folks are also shown,
> > which matches reality over who should comment on and take said patches
> > if necessary.
> > 
> > Signed-off-by: Nathan Chancellor <nathan@kernel.org>
> > ---
> > MAINTAINERS | 1 +
> > 1 file changed, 1 insertion(+)
> 
> For the sake of casual observers, the reason James, Serge, or I haven't
> merged anything in Kconfig.hardening isn't due to any malicious intent or
> lack of appreciation, rather it is out of respect for KSPP and not wanting
> to step on Kees' toes.

Right, I did not mean for this to come off in an accusatory way, so my
apologies if it did. I merely wanted to codify this arrangement so that
patches get picked up or acked by the correct people in the future since
I had to send one earlier and I noticed it did not match reality (with
the data to prove it heh). I hope it is fairly obvious that Kees has a
good working relationship with you and the other security subsystem
folks if one pays attention to the mailing list :) and for the record,
even with this change, get_maintainer.pl still shows the security/
maintainers and list for this file, so you can still be kept in the loop
if so desired.

> I've happily merged KSPP related patches to those subsystems which I'm
> tasked with looking after and I plan to continue to do so.

Always happy to have as many KSPP allies as possible :)

Cheers,
Nathan
Re: [PATCH] MAINTAINERS: Add security/Kconfig.hardening to hardening section
Posted by Paul Moore 1 month, 4 weeks ago
On Sun, Sep 29, 2024 at 5:00 PM Nathan Chancellor <nathan@kernel.org> wrote:
> On Sun, Sep 29, 2024 at 10:20:59PM +0200, Paul Moore wrote:
> > On September 28, 2024 8:26:28 PM Nathan Chancellor <nathan@kernel.org> wrote:
> > > When running get_maintainer.pl on security/Kconfig.hardening, only the
> > > security subsystem folks show up, even though they have never taken
> > > patches to this file:
> > >
> > >  $ scripts/get_maintainer.pl security/Kconfig.hardening
> > >  Paul Moore <...> (supporter:SECURITY SUBSYSTEM)
> > >  James Morris <...> (supporter:SECURITY SUBSYSTEM)
> > >  "Serge E. Hallyn" <...> (supporter:SECURITY SUBSYSTEM)
> > >  linux-security-module@vger.kernel.org (open list:SECURITY SUBSYSTEM)
> > >  linux-kernel@vger.kernel.org (open list)
> > >
> > >  $ git log --format=%cn --no-merges security/Kconfig.hardening | sort | uniq -c
> > >        3 Andrew Morton
> > >        1 Greg Kroah-Hartman
> > >       18 Kees Cook
> > >        2 Linus Torvald
> > >
> > > Add it to the hardening section so that the KSPP folks are also shown,
> > > which matches reality over who should comment on and take said patches
> > > if necessary.
> > >
> > > Signed-off-by: Nathan Chancellor <nathan@kernel.org>
> > > ---
> > > MAINTAINERS | 1 +
> > > 1 file changed, 1 insertion(+)
> >
> > For the sake of casual observers, the reason James, Serge, or I haven't
> > merged anything in Kconfig.hardening isn't due to any malicious intent or
> > lack of appreciation, rather it is out of respect for KSPP and not wanting
> > to step on Kees' toes.
>
> Right, I did not mean for this to come off in an accusatory way, so my
> apologies if it did. I merely wanted to codify this arrangement so that
> patches get picked up or acked by the correct people in the future since
> I had to send one earlier and I noticed it did not match reality (with
> the data to prove it heh) ...

No worries, I had hoped to make it clear I wasn't too bothered by this
with the 'for casual observers' remark, but I guess I should have been
more explicit.  I wrote my original reply simply because I've seen
people take snippets out of context far too many times and I didn't
want anyone to think there was a problem here.

> > I've happily merged KSPP related patches to those subsystems which I'm
> > tasked with looking after and I plan to continue to do so.
>
> Always happy to have as many KSPP allies as possible :)

Hopefully the LSM folks can consider KSPP as an ally too ;)

-- 
paul-moore.com
Re: [PATCH] MAINTAINERS: Add security/Kconfig.hardening to hardening section
Posted by Kees Cook 2 months ago
On Sat, 28 Sep 2024 11:26:09 -0700, Nathan Chancellor wrote:
> When running get_maintainer.pl on security/Kconfig.hardening, only the
> security subsystem folks show up, even though they have never taken
> patches to this file:
> 
>   $ scripts/get_maintainer.pl security/Kconfig.hardening
>   Paul Moore <...> (supporter:SECURITY SUBSYSTEM)
>   James Morris <...> (supporter:SECURITY SUBSYSTEM)
>   "Serge E. Hallyn" <...> (supporter:SECURITY SUBSYSTEM)
>   linux-security-module@vger.kernel.org (open list:SECURITY SUBSYSTEM)
>   linux-kernel@vger.kernel.org (open list)
> 
> [...]

Applied to for-linus/hardening, thanks!

[1/1] MAINTAINERS: Add security/Kconfig.hardening to hardening section
      https://git.kernel.org/kees/c/045244dd5d75

Take care,

-- 
Kees Cook