linux/security/safesetid/Kconfig
# SPDX-License-Identifier: GPL-2.0-only
config SECURITY_SAFESETID
        bool "Gate setid transitions to limit CAP_SET{U/G}ID capabilities"
        depends on SECURITY
        select SECURITYFS
        default n
        help
          SafeSetID is an LSM module that gates the setid family of syscalls to
          restrict UID/GID transitions from a given UID/GID to only those
          approved by a system-wide whitelist. These restrictions also prohibit
          the given UIDs/GIDs from obtaining auxiliary privileges associated
          with CAP_SET{U/G}ID, such as allowing a user to set up user namespace
          UID mappings.

          If you are unsure how to answer this question, answer N.