ProcSubset setting
This systemd unit setting was added since systemd 247.
Purpose: define the subset of access by unit to /proc
Why and when to use ProcSubset
The setting ProcSubset controls the “subset” mount option of /proc for the unit.
Caveats
This function does not if the “subnet” option for procfs is not supported.
Generic advice
The Linux kernel shares information from various kernel APIs via /proc. When activating this setting, these kernel APIs are also made unavailable, which might break common software, unless it is a trivial process. So this option is to be used with care. Typically it may be better to implement the ProtectProc setting.
Values
- all: no restriction of information from /proc - default
- pid: restricts information from /proc that not directly associated with process management and introspection
Example to show the current value of ProcSubset for the dmesg service:
systemctl show --property=ProcSubset dmesg.service