Quoting Arkadiusz Miśkiewicz:

On Tuesday 06 of March 2018, wrote:

I'm trying to allow users to run applications like ps or htop while
seeing only their own processes. Htop, for example, needs read
permission to /proc/<pid>/cmdline BUT when a process changes uid from
root to user, this happens:
  - directory /proc/<pid>/ is correctly owned by user
  - file /proc/<pid>/cmdline is still owned by root (with world read

Do you really need to use apparmor for this?

Mount /proc with hidepid=2 option (and add that to fstab).

Arkadiusz Miśkiewicz, arekm

Haha, thanks, I didn't know about that. The funny thing is that processes which changed uid are still a problem :) I cannot access (hidepid=1) or see (hidepid=2) them.

Any other hints?
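
A diagnostic for the situation described in this thread, added here as an example and not code from any of the posters: it reports the hidepid value of the /proc mount and lists the PIDs whose /proc/<pid>/ directory and cmdline file have different owners. The function names and the injectable `stat` parameter are assumptions made for illustration.

```python
import os


def hidepid_setting(mounts_text, mountpoint="/proc"):
    """Return the hidepid= value of the proc mount, or None if the option is absent."""
    for line in mounts_text.splitlines():
        fields = line.split()
        # /proc/mounts fields: device, mountpoint, fstype, options, dump, pass
        if len(fields) >= 4 and fields[1] == mountpoint and fields[2] == "proc":
            for opt in fields[3].split(","):
                if opt.startswith("hidepid="):
                    return opt.split("=", 1)[1]
    return None


def owner_mismatches(proc_root="/proc", stat=os.stat):
    """Return (pid, dir_uid, cmdline_uid) for each PID whose two owners differ."""
    found = []
    pids = sorted(int(n) for n in os.listdir(proc_root) if n.isdigit())
    for pid in pids:
        piddir = os.path.join(proc_root, str(pid))
        try:
            dir_uid = stat(piddir).st_uid
            file_uid = stat(os.path.join(piddir, "cmdline")).st_uid
        except OSError:
            # The process exited between listdir and stat, or access was denied.
            continue
        if dir_uid != file_uid:
            found.append((pid, dir_uid, file_uid))
    return found


if __name__ == "__main__":
    with open("/proc/mounts") as f:
        print("hidepid on /proc:", hidepid_setting(f.read()))
    for pid, dir_uid, file_uid in owner_mismatches():
        print(f"pid {pid}: directory uid {dir_uid}, cmdline uid {file_uid}")
```

Run it as root to see every process; run as an ordinary user it only covers the entries that user is allowed to list and stat.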

AppArmor mailing list