author | netblue30 <netblue30@yahoo.com> | 2018-05-09 11:17:56 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2018-05-09 11:17:56 -0400 |
commit | a8f1634901aa46307bb61c682f5c7a3a6dc37a17 (patch) | |
tree | e378e19fb7482b4099deac415452719d8bf2939b /test/hidepid-howto | |
parent | fix /proc hidepid (diff) | |
testing hidepid
Diffstat (limited to 'test/hidepid-howto')
-rw-r--r-- | test/hidepid-howto | 27 |
1 files changed, 27 insertions, 0 deletions
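diff --git a/test/hidepid-howto b/test/hidepid-howto
new file mode 100644
index 000000000..f207c9109
--- /dev/null
+++ b/test/hidepid-howto
@@ -0,0 +1,27 @@
+1. Find an unused user group for hidepid exception:
+
+$ id
+uid=1000(netblue) gid=100(users) groups=100(users),10(wheel),90(network),
+92(audio),93(optical),95(storage),98(power)
+
+From /etc/group I pick up a group I am not part of:
+
+$ cat /etc/group
+[...]
+xmms2:x:618:
+rtkit:x:133:
+vboxsf:x:109:
+git:x:617:
+[...]
+
+I'll use group 618 (xmms2)
+
+2. Set hidepid and allow xmms2 users to bypass hidepid
+
+$ sudo mount -o remount,rw,hidepid=2,gid=618 /proc
+$ cat /proc/mounts | grep proc
+proc /proc proc rw,nosuid,nodev,noexec,relatime,gid=618,hidepid=2 0 0
+
+3. Test "firejail --list", "firejail --top", "firejail --tree", "firejail --netstats"
+
+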