shill/setgid_restrictions/shill_gid_allowlist.txt - mirrors/cros/chromiumos/platform2 - Git at Google

 # The SafeSetID LSM uses this list to record which UID’s/GID’s to restrict, look here for more information:
 # https://www.kernel.org/doc/html/latest/admin-guide/LSM/SafeSetID.html

 # shill spawns dhcpcd as 'dhcp' group
 20104:224
 # shill spawns wireguard tools, openvpn, and 'l2tpipsec_vpn' as 'vpn' group
 20104:20174
 # shill spawns logger as 'syslog' group
 20104:202
 # shill spawns tc as 'nobody' group
 20104:65534
 20104:1000
 # TODO(crbug.com/1262208) Uncomment these or write policies for the relevant groups.
 # We can't allow any of the target GIDs to switch to other GIDs, or
 # else a compromised shill could switch to one of them and then switch
 # to any GID on the system.
 # 217:217
 # 212:212
 # 224:224
 # 202:202
 # 605:605
 # 400:400
 # 20174:20174
 # 65534:65534
	# The SafeSetID LSM uses this list to record which UID’s/GID’s to restrict, look here for more information:
	# https://www.kernel.org/doc/html/latest/admin-guide/LSM/SafeSetID.html

	# shill spawns dhcpcd as 'dhcp' group
	20104:224
	# shill spawns wireguard tools, openvpn, and 'l2tpipsec_vpn' as 'vpn' group
	20104:20174
	# shill spawns logger as 'syslog' group
	20104:202
	# shill spawns tc as 'nobody' group
	20104:65534
	20104:1000
	# TODO(crbug.com/1262208) Uncomment these or write policies for the relevant groups.
	# We can't allow any of the target GIDs to switch to other GIDs, or
	# else a compromised shill could switch to one of them and then switch
	# to any GID on the system.
	# 217:217
	# 212:212
	# 224:224
	# 202:202
	# 605:605
	# 400:400
	# 20174:20174
	# 65534:65534