What's the state of `hidepid`?

It seems that there was an option security.hideProcessInformation which was removed in 2021 due to it being broken and incompatible with cgroups v2.

It’s now almost 3.5 years later and I haven’t seen an update regarding this situation, at least nothing I could find myself.

I’m at a point where I need hidepid=2 to prevent users from seeing other users’ processes, and while it does seem that I can enable this manually by mounting /proc with it, I want to know what I’m getting myself into and what the implications are.

Could someone kindly please tell me or point me to relevant discussions?

Check the references in https://zunzuncito.oriole.systems/12/, they provide some nice context on its current state.


Thank you. Is there some alternative way to achieve the desired goal without using hidepid?

You have ProtectProc= (namespace - systemd protecting /proc: ProtectProc and ProcSubset - Unix & Linux Stack Exchange).
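An added example, not code from any post in this thread, showing what the two approaches discussed above look like in a NixOS configuration: the manual hidepid=2 mount from the original question (with the `gid=` exemption that keeps services like systemd-logind working) and ProtectProc= from the reply above for a single service. The `proc` group name, its gid value and the service name `example-daemon` are placeholders I chose, not anything the thread specifies.

```nix
# Added example (not from the thread). Assumptions: the group "proc", the gid
# 2000 (pick an unused one) and the service "example-daemon" are placeholders.
{ config, lib, pkgs, ... }:
{
  # Group exempted from hidepid: its members still see every process.
  users.groups.proc.gid = 2000;

  # Remount /proc with hidepid=2 so each user only sees their own processes.
  # gid= names the exemption group; without it, anything that must list other
  # users' processes (systemd-logind, monitoring agents) stops working.
  # This list is merged with NixOS's default /proc options (nosuid, nodev, noexec).
  boot.specialFileSystems."/proc".options = [
    "hidepid=2"
    "gid=${toString config.users.groups.proc.gid}"
  ];

  # Daemons that legitimately need the full process table join that group.
  systemd.services.systemd-logind.serviceConfig.SupplementaryGroups = [ "proc" ];

  # For a systemd service (not an interactive login session) the same effect
  # is available per unit via ProtectProc=, leaving the global mount untouched:
  # "invisible" hides other users' /proc/<pid> entries, "pid" drops the
  # non-process files from /proc.
  systemd.services.example-daemon.serviceConfig = {
    ProtectProc = "invisible";
    ProcSubset = "pid";
  };
}
```

After a rebuild, `ls /proc` as an unprivileged user that is not in `proc` should list only that user's own PIDs, while a member of `proc` still sees all of them.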

It seems it’s not possible to use this for per-user interactive login sessions, and disabling unified cgroup support for it is also a dead end.

Maybe create an upstream issue about it not working for user@.service, linking back to the old inactive issue for visibility.
