# The SafeSetID LSM uses this list to record which UID’s/GID’s to restrict, look here for more information: | |
# https://www.kernel.org/doc/html/latest/admin-guide/LSM/SafeSetID.html | |
# The 'kerberosd' user may switch to 'kerberosd-exec' to run untrusted code. | |
20131:20138 | |
# The 'kerberosd-exec' user may not switch back to 'kerberosd' or anywhere else. | |
# Otherwise, compromised code could gain access to sensitive data like | |
# passwords or even switch to 'root'. | |
20138:20138 |