87bc514620
The purpose of this LSM is to allow processes to drop to a less privileged user id without having to grant them full CAP_SETUID (or use file caps). The LSM allows configuring a whitelist policy of permitted from:to uid transitions. The policy is enforced upon calls to setuid(2) and related syscalls. Policies are configured through securityfs by writing to - safesetid/add_whitelist_policy ; and - safesetid/flush_whitelist_policies A process attempting a transition not permitted by current policy is killed (to avoid accidentally running with higher privileges than intended). A uid that has a configured policy is prevented from obtaining auxiliary setuid privileges (e.g., setting up user namespaces). See also: https://www.kernel.org/doc/html/latest/admin-guide/LSM/SafeSetID.html |
||
|---|---|---|
| .. | ||
| bsd | ||
| darwin | ||
| linux | ||
| windows | ||