hidepid mount option ignored

phoenix · 2020-12-29 23:16:14

For years now i've had hidepid=2 and gid=proc mount options enabled on /proc with no problems.
But since around the release of systemd 247 it no longer takes effect, and both above options are ignored.

If i manually mount /proc with hidepid, the processes will be hidden, but the filesystem will be mounted twice.

I found out systemd 247 introduced it as a per unit option, after kernel 5.8 also had work on procfs.
But no documentation states the old options are deprecated, the ArchWiki also hasn't changed.

I'm using the latest kernel (5.9.14 at the time of writing) and the journal doesn't show any proc related errors.

So i'm wondering if anyone else has this happening or is it my system?

seth · 2020-12-30 07:57:17

Do you add the parameter in fstab? Are other parametes (for other FS) honored?

systemctl status systemd-remount-fs

phoenix · 2020-12-30 13:11:39

systemctl status systemd-remount-fs
● systemd-remount-fs.service - Remount Root and Kernel File Systems
     Loaded: loaded (/usr/lib/systemd/system/systemd-remount-fs.service; enabled-runtime; vendor preset: disabled)
     Active: active (exited) since Wed 2020-12-30 12:55:50 CET; 51min ago
       Docs: man:systemd-remount-fs.service(8)
             https://www.freedesktop.org/wiki/Software/systemd/APIFileSystems
    Process: 363 ExecStart=/usr/lib/systemd/systemd-remount-fs (code=exited, status=0/SUCCESS)
   Main PID: 363 (code=exited, status=0/SUCCESS)

Warning: journal has been rotated since unit was started, output may be incomplete.

Yes, i have it in fstab, and parameters for other filesystems work as they should.

seth · 2021-01-01 20:41:03

Does it work if you use

hidepid=invisible

(or one of "default", "noaccess", "invisible", "ptraceable")?

https://github.com/systemd/systemd/issu … -683120176

phoenix · 2021-01-03 19:56:21

I tried changing the value to "invisible", but it didn't work.
When i removed the entry from my fstab i got the same values i get when it's there:

/proc  proc   proc   rw,nosuid,nodev,noexec,relatime

Then i dug around in /proc, and in the mountinfo files some processes have this:

 / /proc rw,nosuid,nodev,noexec,relatime shared:5 - proc proc rw,gid=26,hidepid=invisible

while others have:

/ /proc rw,nosuid,nodev,noexec,relatime shared:286 - proc proc rw

The processes that have hidepid enabled seem to always be run as root.

I think it might be a systemd related problem, but i could not find a .mount file for /proc in /usr/lib/systemd/system

seth · 2021-01-03 20:31:54

/proc is (supposed to be) remounted by

man 8 systemd-remount-fs.service

The status you posted in #3 was out of rotation, so you might take another look ifff there's some non-fatal issue… (but I doubt so)

You could test it against the lts kernel (where systemd should not make use of the new feature) but w/ "hidepid=2".

phoenix · 2021-01-06 14:44:09

The systemd-remount-fs service doesn't report any errors in the journal.
When booting the lts kernel, hidepid=2 works as expected, but that kernel won't be around for much longer, as 5.10 is the next lts.

Arch Linux

#1 2020-12-29 23:16:14

hidepid mount option ignored

#2 2020-12-30 07:57:17

Re: hidepid mount option ignored

#3 2020-12-30 13:11:39

Re: hidepid mount option ignored

#4 2021-01-01 20:41:03

Re: hidepid mount option ignored

#5 2021-01-03 19:56:21

Re: hidepid mount option ignored

#6 2021-01-03 20:31:54

Re: hidepid mount option ignored

#7 2021-01-06 14:44:09

Re: hidepid mount option ignored

Board footer