authpolicy/setuid_restrictions/authpolicyd_uid_allowlist.txt - mirrors/cros/chromiumos/platform2 - Git at Google

 # The SafeSetID LSM uses this list to record which UID’s/GID’s to restrict, look here for more information:
 # https://www.kernel.org/doc/html/latest/admin-guide/LSM/SafeSetID.html

 # authpolicyd sets its saved UID to the 'authpolicyd-exec' user
 254:607
 # We can't allow the 'authpolicyd-exec' user to switch to other UIDs, or
 # else a compromised authpolicyd could switch to 'authpolicyd-exec' and
 # then switch to any UID on the system.
 607:607
	# The SafeSetID LSM uses this list to record which UID’s/GID’s to restrict, look here for more information:
	# https://www.kernel.org/doc/html/latest/admin-guide/LSM/SafeSetID.html

	# authpolicyd sets its saved UID to the 'authpolicyd-exec' user
	254:607
	# We can't allow the 'authpolicyd-exec' user to switch to other UIDs, or
	# else a compromised authpolicyd could switch to 'authpolicyd-exec' and
	# then switch to any UID on the system.
	607:607