From aaebb32b668f4447c011f4e150f959c8d0e1ce09 Mon Sep 17 00:00:00 2001 From: Patrick Schleizer Date: Sat, 5 Oct 2019 09:39:05 +0000 Subject: [PATCH] readme --- README.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/README.md b/README.md index f504ced..83fb10e 100644 --- a/README.md +++ b/README.md @@ -68,6 +68,13 @@ flawed process. a history of security concerns. https://en.wikipedia.org/wiki/Bluetooth#History_of_security_concerns +* A systemd service restricts /proc/cpuinfo, /proc/bus, /proc/scsi and +/sys to the root user only. This hides a lot of hardware identifiers from +unprivileged users and increases security as /sys exposes a lot of information +that shouldn't be accessible to unprivileged users. As this will break many +things, it is disabled by default and can optionally be enabled by running +`systemctl enable hide-hardware-info.service` as root. + Uncommon network protocols are blacklisted: These are rarely used and may have unknown vulnerabilities. /etc/modprobe.d/uncommon-network-protocols.conf
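Review bot: In the added README bullet, "As this will break many things" gives the reader nothing to base a decision on; name a few things known to stop working once /proc/cpuinfo, /proc/bus, /proc/scsi and /sys are root-only, or link to where that is tracked. The instruction `systemctl enable hide-hardware-info.service` only enables the unit for later boots, so state whether a reboot is expected or whether the unit can also be started right away, and mention `systemctl disable hide-hardware-info.service` as the way back. The phrase "increases security as /sys exposes a lot of information" would be stronger with one concrete example of what an unprivileged user can read there. The subject line "readme" could say what is being documented, for example that the commit describes hide-hardware-info.service.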