On Tuesday 06 of March 2018, [email protected] wrote:
> Hi,
>
> i'm trying to allow users to run applications like ps or htop while
> seeing only their own processes. Htop, for example, needs read
> permission to /proc/<pid>/cmdline BUT when a process changes uid from
> root to user, this happens:
> - directory /proc/<pid>/ is correctly owned by user
> - file /proc/<pid>/cmdline is still owned by root (with world read
> permission)
Do you really need to use apparmor for this?

Mount /proc with hidepid=2 option (and add that to fstab).

-- 
Arkadiusz Miśkiewicz, arekm / ( maven.pl | pld-linux.org )

-- 
AppArmor mailing list
[email protected]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
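An added example (not from the thread) of checking the hidepid option the reply recommends and of the fstab line that makes it persistent; it assumes a Linux host and reads /proc/self/mounts, which needs no privileges:

```shell
#!/bin/sh
# Added example: verify whether /proc is mounted with hidepid=2 (other users'
# /proc/<pid> directories become invisible, so ps/htop only show the caller's
# own processes) and emit the fstab entry that applies it at boot.

# Extract the hidepid= value from one /proc/mounts line; prints 0 when absent.
# Kernels from 5.8 on report the value by name (off/noaccess/invisible/...),
# older ones report the number, so both forms are accepted by the caller.
hidepid_of_line() {
    opts=$(printf '%s\n' "$1" | awk '{print $4}')          # 4th field: options
    val=$(printf '%s\n' "$opts" | tr ',' '\n' | sed -n 's/^hidepid=//p' | tail -n 1)
    if [ -n "$val" ]; then printf '%s\n' "$val"; else printf '0\n'; fi
}

# Return 0 (true) when the value means other users' processes are fully hidden.
hides_other_users() {
    case "$1" in
        2|invisible) return 0 ;;
        *)           return 1 ;;
    esac
}

# Inspect the live /proc mount (no privileges needed).
current_proc_hidepid() {
    line=$(awk '$2 == "/proc" && $3 == "proc"' /proc/self/mounts | tail -n 1)
    hidepid_of_line "$line"
}

# The fstab line the reply refers to (options beyond hidepid=2 are defaults).
fstab_line_hidepid2() {
    printf 'proc /proc proc defaults,hidepid=2 0 0\n'
}

# Apply immediately without reboot; requires root, so not run here.
apply_hidepid2_now() {
    mount -o remount,hidepid=2 /proc
}

if [ "${1:-}" = "check" ]; then
    v=$(current_proc_hidepid)
    if hides_other_users "$v"; then
        echo "/proc hidepid=$v: other users' processes are hidden"
    else
        echo "/proc hidepid=$v: processes visible; add to /etc/fstab:"
        fstab_line_hidepid2
    fi
fi
```

Run with `sh script.sh check` to report the current state; the printed fstab line is the persistent form of the remount.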
