diff options
| author |  netblue30 <netblue30@yahoo.com> | 2018-05-09 11:17:56 -0400 |
|---|---|---|
| committer | netblue30 <netblue30@yahoo.com> | 2018-05-09 11:17:56 -0400 |
| commit | a8f1634901aa46307bb61c682f5c7a3a6dc37a17 (patch) | |
| tree | e378e19fb7482b4099deac415452719d8bf2939b /test | |
| parent | fix /proc hidepid (diff) | |
| download | firejail-a8f1634901aa46307bb61c682f5c7a3a6dc37a17.tar.gz firejail-a8f1634901aa46307bb61c682f5c7a3a6dc37a17.tar.zst firejail-a8f1634901aa46307bb61c682f5c7a3a6dc37a17.zip | |
testing hidepid
Diffstat (limited to 'test')
| -rw-r--r-- | test/hidepid-howto | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/test/hidepid-howto b/test/hidepid-howto new file mode 100644 index 000000000..f207c9109 --- /dev/null +++ b/test/hidepid-howto | |||
| @@ -0,0 +1,27 @@ | |||
| 1 | 1. Find an unused user group for hidepid exception: | ||
| 2 | |||
| 3 | $ id | ||
| 4 | uid=1000(netblue) gid=100(users) groups=100(users),10(wheel),90(network), | ||
| 5 | 92(audio),93(optical),95(storage),98(power) | ||
| 6 | |||
| 7 | From /etc/group I pick up a group I am not part of: | ||
| 8 | |||
| 9 | $ cat /etc/group | ||
| 10 | [...] | ||
| 11 | xmms2:x:618: | ||
| 12 | rtkit:x:133: | ||
| 13 | vboxsf:x:109: | ||
| 14 | git:x:617: | ||
| 15 | [...] | ||
| 16 | |||
| 17 | I'll use group 618 (xmms2) | ||
| 18 | |||
| 19 | 2. Set hidepid and allow xmms2 users to bypass hidepid | ||
| 20 | |||
| 21 | $ sudo mount -o remount,rw,hidepid=2,gid=618 /proc | ||
| 22 | $ cat /proc/mounts | grep proc | ||
| 23 | proc /proc proc rw,nosuid,nodev,noexec,relatime,gid=618,hidepid=2 0 0 | ||
| 24 | |||
| 25 | 3. Test "firejail --list", "firejail --top", "firejail --tree", "firejail --netstats" | ||
| 26 | |||
| 27 | |||