From f82731698c20028531de673903faca10aa136416 Mon Sep 17 00:00:00 2001
From: Patrick Schleizer
Date: Mon, 1 Jul 2019 14:53:01 +0000
Subject: [PATCH] re-enable PrivateNetwork=true

---
 lib/systemd/system/proc-hidepid.service | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/lib/systemd/system/proc-hidepid.service b/lib/systemd/system/proc-hidepid.service
index c7e016e..535b8b1 100644
--- a/lib/systemd/system/proc-hidepid.service
+++ b/lib/systemd/system/proc-hidepid.service
@@ -11,6 +11,7 @@ After=local-fs.target
 Type=oneshot
 ExecStart=/bin/mount -o remount,nosuid,nodev,noexec,hidepid=2 /proc
 
+## Disabled since not working in Qubes.
 #ProtectSystem=strict
 #ProtectHome=true
 #ProtectKernelTunables=true
@@ -19,7 +20,6 @@ ExecStart=/bin/mount -o remount,nosuid,nodev,noexec,hidepid=2 /proc
 #PrivateTmp=true
 #PrivateMounts=true
 #PrivateDevices=true
-#PrivateNetwork=true
 #MemoryDenyWriteExecute=true
 #NoNewPrivileges=true
 #RestrictRealtime=true
@@ -27,5 +27,7 @@ ExecStart=/bin/mount -o remount,nosuid,nodev,noexec,hidepid=2 /proc
 #RestrictNamespaces=true
 #SystemCallFilter=mount munmap access read open close stat fstat lstat mmap mprotect brk rt_sigaction rt_sigprocmask execve readlink getrlimit getuid getgid geteuid getegid statfs prctl arch_prctl set_tid_address newfstatat set_robust_list openat mkdir
 
+PrivateNetwork=true
+
 [Install]
 WantedBy=multi-user.target
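Review bot: The re-enabled `PrivateNetwork=true` at the end of the `[Service]` section (third hunk) has no comment saying why it alone works while everything under `## Disabled since not working in Qubes.` stays off, so a later reader cannot tell whether it was actually tested on Qubes. Once that is confirmed, I would add a line above it such as `## Works in Qubes; remounting /proc needs no network access.` The header comment added in the first hunk also does not say which of the commented directives fail, which leaves the whole sandboxing block disabled for a unit that performs a privileged remount of /proc. Naming the failing ones would let the others (for example `NoNewPrivileges=true`) be re-tested one at a time. The `[Service]` section begins above the first hunk, so any directives set there are not visible here.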