[PATCH] LSM: add SafeSetID module that gates setid calls
Kees Cook
keescook at chromium.org
Wed Oct 31 21:57:59 UTC 2018
On Wed, Oct 31, 2018 at 2:02 PM, Serge E. Hallyn <serge at hallyn.com> wrote:
> Just to be sure - your end-goal is to have a set of tasks which have
> some privileges, including CAP_SETUID, but which cannot transition to
> certain uids, perhaps including root?
AIUI, the issue is that CAP_SETUID is TOO permissive. Instead, run
_without_ CAP_SETUID and still allow whitelisted uid transitions.
-Kees
--
Kees Cook