/proc contains information about all processes running on the system. By default this is accessible to all users. This can allow an attacker to spy a lot on other processes. To allow users to only see their own processes, edit /etc/fstab and add
systemd-logind still needs to see other users’ processes, so for user sessions to work correctly, add this to /etc/systemd/system/systemd-logind.service.d/hidepid.conf:
[Service]
SupplementaryGroups=proc
However when I do this, Pamac gives me an authentication failure. I can’t enter a password when I want to do something in Pamac (update, install, edit preferences) and pamac only gives me a dialog that the authentication failed.
Thank you.
I think this issue is really tough to crack.
I don’t know how to unblock the communication between pamac and dbus or polkit.
I tried adding “SupplementaryGroups=proc”
to the /usr/lib/systemd/system/pamac-daemon.service file
and to the /etc/systemd/system/systemd-logind.service.d/hidepid.conf file
and also to the /etc/systemd/system/dbus-org.freedesktop.ModemManager1.service file,
but no luck.
I also tried reading journalctl -f while I tried to get into preferences in pamac; the error does not seem to register in journalctl.
I’m actually using policykit-1 from experimental (0.113-6) so it does run as
polkitd user.
Hm, I guess this means you’d have to add your user to that group as well
(or rather any user who wants to use polkit). Which sort of defeats the
purpose of hidepid=2 to some extent.
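
An added example, not part of the thread or of any project's code: a small shell check that reads the hidepid and gid options of the /proc mount and reports whether an account's group list exempts it from the restriction. The mounts line, the gid 26 for the proc group and the two gid lists are constructed sample values.

```shell
#!/bin/sh
# Constructed sample line in /proc/mounts format; gid 26 for group "proc" is assumed.
SAMPLE_MOUNTS='proc /proc proc rw,nosuid,nodev,noexec,relatime,gid=26,hidepid=2 0 0'

# Print the value of option $2 on the /proc mount described in mounts text $1.
proc_mount_opt() {
    printf '%s\n' "$1" | awk -v key="$2" '
        $2 == "/proc" && $3 == "proc" {
            n = split($4, opts, ",")
            for (i = 1; i <= n; i++)
                if (index(opts[i], key "=") == 1) {
                    print substr(opts[i], length(key) + 2)
                    exit
                }
        }'
}

# Report what an account with gids $2 (space-separated, as `id -G` prints them)
# can see in /proc under mounts text $1: "all" or "restricted".
# Root / CAP_SYS_PTRACE is not modelled here.
proc_visibility() {
    hidepid=$(proc_mount_opt "$1" hidepid)
    exempt_gid=$(proc_mount_opt "$1" gid)
    case "$hidepid" in
        ""|0|off) echo all; return ;;   # hidepid not active
    esac
    # Any other hidepid value is treated as restricting; gid= names the exempt group.
    if [ -n "$exempt_gid" ]; then
        case " $2 " in
            *" $exempt_gid "*) echo all; return ;;
        esac
    fi
    echo restricted
}

# Constructed gid lists: one that includes the exempt group, one that does not.
for gids in "102 26" "1000 985"; do
    printf 'gids [%s]: %s\n' "$gids" "$(proc_visibility "$SAMPLE_MOUNTS" "$gids")"
done
```

On a live system, pass `"$(cat /proc/mounts)"` and `"$(id -G polkitd)"` (or another account name). Groups granted to a service through SupplementaryGroups= belong to the running process and show up on the Groups: line of /proc/PID/status rather than in `id -G`.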