# SPDX-License-Identifier: GPL-2.0-only
config SECURITY_SAFESETID
	bool "Gate setid transitions to limit CAP_SET{U/G}ID capabilities"
	depends on SECURITY
	select SECURITYFS
	default n
	help
	  SafeSetID is an LSM module that gates the setid family of syscalls to
	  restrict UID/GID transitions from a given UID/GID to only those
	  approved by a system-wide whitelist. These restrictions also prohibit
	  the given UIDs/GIDs from obtaining auxiliary privileges associated
	  with CAP_SET{U/G}ID, such as allowing a user to set up user namespace
	  UID mappings.

	  If you are unsure how to answer this question, answer N.