ProtectProc setting
The property ProtectProc is a systemd unit setting used for sandboxing. It is available since systemd 247.
Purpose: control the 'hidepid' mount option to define what information from /proc is available
Why and when to use ProtectProc
The setting ProtectProc aims to protect information that normally can be retrieved from /proc.
Settings
The value default, which is also the default, will not restrict access. Value invisible will hide information, where ptraceable restrict the set to only processes that be monitored with the system call ptrace(2). The value noaccess is the most strict option.
Caveats
This setting will not have effect if the kernel does not support the hidepid mount option per individual mount point.
Generic advice
For most services use ProtectProc=invisible, as this hides information about other processes of other users. If no information about other processes from /proc is needed, then ProtectProc=noaccess can be considered.
Values
Systemd unit setting ProtectProc expects a boolean (yes/no or true/false) or string value.
| Value | Intended action | Available since systemd version |
|---|---|---|
| default | normal access allowed to /proc - default | |
| invisible | processes owned by other users are hidden from /proc | |
| noaccess | access to information about processes owned by other users is not available | |
| ptraceable | all processes are hidden unless the ptrace() function is allowed on a process |
Example to show the current value of ProtectProc for the ssh service:
systemctl show --property=ProtectProc ssh.serviceRelated hardening profiles
The systemd unit setting ProtectProc is used in the following hardening profiles.
