mirror of https://gitee.com/openkylin/linux.git
aeca4e2ca6
SafeSetID gates the setid family of syscalls to restrict UID/GID transitions from a given UID/GID to only those approved by a system-wide whitelist. These restrictions also prohibit the given UIDs/GIDs from obtaining auxiliary privileges associated with CAP_SET{U/G}ID, such as allowing a user to set up user namespace UID mappings. For now, only gating the set*uid family of syscalls is supported, with support for set*gid coming in a future patch set. Signed-off-by: Micah Morton <mortonm@chromium.org> Acked-by: Kees Cook <keescook@chromium.org> Signed-off-by: James Morris <james.morris@microsoft.com> |
||
---|---|---|
.. | ||
LoadPin.rst | ||
SELinux.rst | ||
SafeSetID.rst | ||
Smack.rst | ||
Yama.rst | ||
apparmor.rst | ||
index.rst | ||
tomoyo.rst |