^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1) # SPDX-License-Identifier: GPL-2.0-only
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2) config SECURITY_SAFESETID
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3) 	bool "Gate setid transitions to limit CAP_SET{U/G}ID capabilities"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 4) 	depends on SECURITY
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 5) 	select SECURITYFS
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6) 	default n
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7) 	help
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 8) 	  SafeSetID is an LSM module that gates the setid family of syscalls to
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 9) 	  restrict UID/GID transitions from a given UID/GID to only those
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 10) 	  approved by a system-wide whitelist. These restrictions also prohibit
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 11) 	  the given UIDs/GIDs from obtaining auxiliary privileges associated
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 12) 	  with CAP_SET{U/G}ID, such as allowing a user to set up user namespace
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 13) 	  UID mappings.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 14)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 15) 	  If you are unsure how to answer this question, answer N.