ProtectProc setting
This article has last been updated at .
The property ProtectProc is a systemd unit setting used for sandboxing. It is available since systemd 247.
Purpose: control the 'hidepid' mount option to define what information from /proc is available
New to securing and tuning systemd services? Start with the how to harden a systemd service unit article to learn tuning step-by-step, including the usage of relevant tools.
Why and when to use ProtectProc
The setting ProtectProc aims to protect information that normally can be retrieved from /proc.
Settings
The value default, which is also the default, will not restrict access. Value invisible will hide information, where ptraceable restrict the set to only processes that be monitored with the system call ptrace(2). The value noaccess is the most strict option.
Caveats
This setting will not have effect if the kernel does not support the hidepid mount option per individual mount point.
Generic advice
For most services use ProtectProc=invisible, as this hides information about other processes of other users. If no information about other processes from /proc is needed, then ProtectProc=noaccess can be considered.
Values
Systemd unit setting ProtectProc expects a boolean (yes/no or true/false) or string value.
| Value | Intended action | Available since systemd version |
|---|---|---|
| default | normal access allowed to /proc - default | |
| invisible | processes owned by other users are hidden from /proc | |
| noaccess | access to information about processes owned by other users is not available | |
| ptraceable | all processes are hidden unless the ptrace() function is allowed on a process |
Example to show the current value of ProtectProc for the ssh service:
systemctl show --property=ProtectProc ssh.serviceRelated hardening profiles
The systemd unit setting ProtectProc is used in the following systemd hardening profiles. These hardening profiles help improving security of common Linux services and usually require minimal tuning.
