| # The SafeSetID LSM uses this list to record which UID’s/GID’s to restrict, look here for more information: | |
| # https://www.kernel.org/doc/html/latest/admin-guide/LSM/SafeSetID.html | |
| # The 'kerberosd' user may switch to 'kerberosd-exec' to run untrusted code. | |
| 20131:20138 | |
| # The 'kerberosd-exec' user may not switch back to 'kerberosd' or anywhere else. | |
| # Otherwise, compromised code could gain access to sensitive data like | |
| # passwords or even switch to 'root'. | |
| 20138:20138 |