proc-hidepid.service add gid=proc

This allows users that are a member of the `proc` group to be excluded from `hidepid` protections. https://github.com/Kicksecure/security-misc/issues/208
2024-10-01 08:25:45 -04:00 · 2024-03-10 08:44:53 -04:00 · 2024-03-10 08:44:53 -04:00 · a5206bde33
commit a5206bde33
parent 0f0d9ca2a4
1 changed files with 1 additions and 1 deletions
--- a/usr/lib/systemd/system/proc-hidepid.service
+++ b/usr/lib/systemd/system/proc-hidepid.service
@ -12,7 +12,7 @@ After=local-fs.target

 [Service]
 Type=oneshot
-ExecStart=/bin/mount -o remount,nosuid,nodev,noexec,hidepid=2 /proc
+ExecStart=/bin/mount -o remount,nosuid,nodev,noexec,hidepid=2,gid=proc /proc
 RemainAfterExit=yes

 [Install]