| Server IP : 195.114.193.97 / Your IP : 216.73.217.93 Web Server : LiteSpeed System : Linux host 5.15.0-126-generic #136-Ubuntu SMP Wed Nov 6 10:38:22 UTC 2024 x86_64 User : sembi4241 ( 1126) PHP Version : 8.1.33 Disable Function : NONE MySQL : OFF | cURL : ON | WGET : ON | Perl : ON | Python : OFF | Sudo : ON | Pkexec : ON Directory : /usr/src/linux-headers-5.15.0-57-generic/security/safesetid/ |
Upload File : |
# SPDX-License-Identifier: GPL-2.0-only
config SECURITY_SAFESETID
bool "Gate setid transitions to limit CAP_SET{U/G}ID capabilities"
depends on SECURITY
select SECURITYFS
default n
help
SafeSetID is an LSM module that gates the setid family of syscalls to
restrict UID/GID transitions from a given UID/GID to only those
approved by a system-wide whitelist. These restrictions also prohibit
the given UIDs/GIDs from obtaining auxiliary privileges associated
with CAP_SET{U/G}ID, such as allowing a user to set up user namespace
UID mappings.
If you are unsure how to answer this question, answer N.