From 48416f8441e852cac63f3b78193c5bbf123b7523 Mon Sep 17 00:00:00 2001
From: Ariadne Conill
Date: Sun, 21 Jul 2024 21:33:43 -0700
Subject: [PATCH] zone: init: mount /proc with hidepid=1

Mounting procfs with hidepid=1 denies access to procfs directories for processes not accessible by the current user credentials.

Signed-off-by: Ariadne Conill
---
 crates/zone/src/init.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crates/zone/src/init.rs b/crates/zone/src/init.rs
index 5eff50c..897ebb5 100644
--- a/crates/zone/src/init.rs
+++ b/crates/zone/src/init.rs
@@ -147,7 +147,7 @@ impl ZoneInit {
 self.create_dir("/run", Some(0o0755)).await?;
 self.mount_kernel_fs("devtmpfs", "/dev", "mode=0755", None, None)
 .await?;
- self.mount_kernel_fs("proc", "/proc", "", None, None)
+ self.mount_kernel_fs("proc", "/proc", "hidepid=1", None, None)
 .await?;
 self.mount_kernel_fs("sysfs", "/sys", "", None, None)
 .await?;
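Review bot: `hidepid=1` on the `/proc` mount still lets unprivileged processes in the zone list the `/proc/<pid>` entries of other users; only reading into those directories is refused, so the commit message's "denies access to procfs directories" holds for the contents but not for the names. If the intent is to hide other users' processes altogether, `hidepid=2` (also spelled `hidepid=invisible` on Linux 5.8+) on the changed line does that, and a `gid=<group>` option can exempt a monitoring group if one is needed; root and CAP_SYS_PTRACE holders are unaffected at either level. The chosen level deserves a comment on the call, e.g. `// hidepid=1: unprivileged users can list but not inspect other users' /proc/<pid>`. Before Linux 5.8 the hidepid value applies to every procfs mount in the pid namespace rather than to this instance alone, which is harmless if the zone has its own pid namespace but worth confirming. The enclosing method of `impl ZoneInit` starts and ends outside the hunk.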