0545e9dc6d
commit d1edce71135cc6d98c0a4b5729774542b676e769 Author: sophgo-forum-service <forum_service@sophgo.com> Date: Fri Mar 15 16:07:33 2024 +0800 [fix] recommend using ssh method to clone repo. [fix] fix sensor driver repo branch name.
16 lines
709 B
Plaintext
16 lines
709 B
Plaintext
# SPDX-License-Identifier: GPL-2.0-only
|
|
config SECURITY_SAFESETID
|
|
bool "Gate setid transitions to limit CAP_SET{U/G}ID capabilities"
|
|
depends on SECURITY
|
|
select SECURITYFS
|
|
default n
|
|
help
|
|
SafeSetID is an LSM module that gates the setid family of syscalls to
|
|
restrict UID/GID transitions from a given UID/GID to only those
|
|
approved by a system-wide whitelist. These restrictions also prohibit
|
|
the given UIDs/GIDs from obtaining auxiliary privileges associated
|
|
with CAP_SET{U/G}ID, such as allowing a user to set up user namespace
|
|
UID mappings.
|
|
|
|
If you are unsure how to answer this question, answer N.
|