mirrors/krata
1
0
Fork 0
mirror of https://github.com/edera-dev/krata.git synced 2025-08-02 21:00:55 +00:00
Code Issues Packages Projects Releases Wiki Activity

zone: init: mount /proc with hidepid=1 (#277)

Browse Source 
Mounting procfs with hidepid=1 denies access to procfs directories
for processes not accessible by the current user credentials.

Signed-off-by: Ariadne Conill <ariadne@ariadne.space>
This commit is contained in:
Ariadne Conill 2024-07-21 23:11:36 -07:00 committed by GitHub
parent c8795fa08d
commit 8806a79161
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
crates/zone/src/init.rs
View File

@ -147,7 +147,7 @@ impl ZoneInit {
self.create_dir("/run", Some(0o0755)).await?;
self.mount_kernel_fs("devtmpfs", "/dev", "mode=0755", None, None)
.await?;
self.mount_kernel_fs("proc", "/proc", "", None, None)
self.mount_kernel_fs("proc", "/proc", "hidepid=1", None, None)
.await?;
self.mount_kernel_fs("sysfs", "/sys", "", None, None)
.await?;