A pull request for 5.4 included a fix to make SafeSetID useful due to a bug in 5.3. Details can be read here:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1b5fb415442eb3ec946d48afe8c87b0f2fd42d7c The needed commit is located here: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=21ab8580b383f27b7f59b84ac1699cb26d6c3d69 -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1845391 Title: SafeSetID LSM should be built but disabled by default Status in linux package in Ubuntu: In Progress Bug description: The SafeSetID LSM is unlikely to be useful, by default, for a general purpose OS but a system integrator may want to make use of it in certain cases. We should build SafeSetID but not enable it by default in Ubuntu. The LSM can be put to use using the lsm= kernel boot parameter. For example, lsm=capability,yama,safesetid,apparmor could be specified to make use of SafeSetID in addition to the LSMs that we use by default in Ubuntu 19.10. You can verify that it is enabled by reading the lsm file in securityfs: $ cat /sys/kernel/security/lsm capability,yama,safesetid,apparmor Documentation on configuring SafeSetID can be found here: https://www.kernel.org/doc/html/latest/admin-guide/LSM/SafeSetID.html To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1845391/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
