forked from Qortal/Brooklyn
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
15 lines
709 B
15 lines
709 B
# SPDX-License-Identifier: GPL-2.0-only |
|
config SECURITY_SAFESETID |
|
bool "Gate setid transitions to limit CAP_SET{U/G}ID capabilities" |
|
depends on SECURITY |
|
select SECURITYFS |
|
default n |
|
help |
|
SafeSetID is an LSM module that gates the setid family of syscalls to |
|
restrict UID/GID transitions from a given UID/GID to only those |
|
approved by a system-wide whitelist. These restrictions also prohibit |
|
the given UIDs/GIDs from obtaining auxiliary privileges associated |
|
with CAP_SET{U/G}ID, such as allowing a user to set up user namespace |
|
UID mappings. |
|
|
|
If you are unsure how to answer this question, answer N.
|
|
|