From a5206bde336c159be065345e7dd5cb86b2b6a27f Mon Sep 17 00:00:00 2001
From: Patrick Schleizer
Date: Sun, 10 Mar 2024 08:44:53 -0400
Subject: [PATCH] `proc-hidepid.service` add `gid=proc`

This allows users that are a member of the `proc` group to be excluded from `hidepid` protections.

https://github.com/Kicksecure/security-misc/issues/208
---
 usr/lib/systemd/system/proc-hidepid.service | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/usr/lib/systemd/system/proc-hidepid.service b/usr/lib/systemd/system/proc-hidepid.service
index 7acad5b..2ec1858 100644
--- a/usr/lib/systemd/system/proc-hidepid.service
+++ b/usr/lib/systemd/system/proc-hidepid.service
@@ -12,7 +12,7 @@ After=local-fs.target
 
 [Service]
 Type=oneshot
-ExecStart=/bin/mount -o remount,nosuid,nodev,noexec,hidepid=2 /proc
+ExecStart=/bin/mount -o remount,nosuid,nodev,noexec,hidepid=2,gid=proc /proc
 RemainAfterExit=yes
 
 [Install]
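Review bot: The new `ExecStart=` line makes the remount depend on a group named `proc` being resolvable when the unit runs, and nothing in this patch creates that group. If the name cannot be resolved, the whole remount will most likely fail, which would leave /proc without `hidepid=2` (and without the `nosuid,nodev,noexec` flags this unit applies), not merely without the exemption. It is worth confirming that the package creates the group before this unit can first run; that would happen outside this hunk. I would also add a comment above the line, for example `# gid=proc: members of group "proc" are exempt from hidepid and can see all users' processes; treat membership as privileged.`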