1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
|
1. Find an unused user group for hidepid exception:
$ id
uid=1000(netblue) gid=100(users) groups=100(users),10(wheel),90(network),
92(audio),93(optical),95(storage),98(power)
From /etc/group I pick up a group I am not part of:
$ cat /etc/group
[...]
xmms2:x:618:
rtkit:x:133:
vboxsf:x:109:
git:x:617:
[...]
I'll use group 618 (xmms2)
2. Set hidepid and allow xmms2 users to bypass hidepid
$ sudo mount -o remount,rw,hidepid=2,gid=618 /proc
$ cat /proc/mounts | grep proc
proc /proc proc rw,nosuid,nodev,noexec,relatime,gid=618,hidepid=2 0 0
3. Test "firejail --list", "firejail --top", "firejail --tree", "firejail --netstats"
|
