« Back to Settings for systemd units

ProtectProc setting

This systemd unit setting was added since systemd 247.

Purpose: control the 'hidepid' mount option to define what information from /proc is available

Why and when to use ProtectProc

The setting ProtectProc aims to protect information that normally can be retrieved from /proc.

Settings

The value default, which is also the default, will not restrict access. Value invisible will hide information, where ptraceable restrict the set to only processes that be monitored with the system call ptrace(). The value noaccess is the most strict option.

Caveats

This setting will not have effect if the kernel does not support the hidepid mount option per individual mount point.

Generic advice

For most services use ProtectProc=invisible, as this hides information about other processes of other users. If no information about other processes from /proc is needed, then ProtectProc=noaccess can be considered.

Values

  • default: normal access allowed to /proc - default
  • invisible: processes owned by other users are hidden from /proc
  • noaccess: access to information about processes owned by other users is not available
  • ptraceable: all processes are hidden unless the ptrace() function is allowed on a process

Example to show the current value of ProtectProc for the dmesg service:

systemctl show --property=ProtectProc dmesg.service

Feedback

Small picture of Michael Boelen

This article has been written by our Linux security expert Michael Boelen. With focus on creating high-quality articles and relevant examples, he wants to improve the field of Linux security. No more web full of copy-pasted blog posts.

Discovered outdated information or have a question? Share your thoughts. Thanks for your contribution!

Mastodon icon