# The SafeSetID LSM uses this list to record which UID’s/GID’s to restrict, look here for more information: | |
# https://www.kernel.org/doc/html/latest/admin-guide/LSM/SafeSetID.html | |
# authpolicyd sets its saved UID to the 'authpolicyd-exec' user | |
254:607 | |
# We can't allow the 'authpolicyd-exec' user to switch to other UIDs, or | |
# else a compromised authpolicyd could switch to 'authpolicyd-exec' and | |
# then switch to any UID on the system. | |
607:607 |