grawity · December 20, 2021 19:02
diff --git a/hidepid.conf.xml b/hidepid.conf.xml
 <?xml version="1.0"?>
 <!-- /etc/dbus-1/system.d/hidepid.conf -->
 <!-- This prevents users from bypassing /proc hidepid= restrictions using 'systemctl status'. -->
 <busconfig>
 	<!-- Allow root to use systemctl -->
 	<policy user="root">
 		<allow send_destination="org.freedesktop.systemd1"
 			send_interface="org.freedesktop.systemd1.Manager"
 			send_member="GetUnitProcesses"/>
 	</policy>

 	<!-- Optional, but can be used to match the "no-hidepid" gid= if you have it specified -->
 	<policy group="proc">
 		<allow send_destination="org.freedesktop.systemd1"
 			send_interface="org.freedesktop.systemd1.Manager"
 			send_member="GetUnitProcesses"/>
 	</policy>

 	<!-- Deny for everyone else -->
 	<policy context="default">
 		<deny send_destination="org.freedesktop.systemd1"
 			send_interface="org.freedesktop.systemd1.Manager"
 			send_member="GetUnitProcesses"/>
 	</policy>
 </busconfig>
	<?xml version="1.0"?>
	<!-- /etc/dbus-1/system.d/hidepid.conf -->
	<!-- This prevents users from bypassing /proc hidepid= restrictions using 'systemctl status'. -->
	<busconfig>
	<!-- Allow root to use systemctl -->
	<policy user="root">
	<allow send_destination="org.freedesktop.systemd1"
	send_interface="org.freedesktop.systemd1.Manager"
	send_member="GetUnitProcesses"/>
	</policy>

	<!-- Optional, but can be used to match the "no-hidepid" gid= if you have it specified -->
	<policy group="proc">
	<allow send_destination="org.freedesktop.systemd1"
	send_interface="org.freedesktop.systemd1.Manager"
	send_member="GetUnitProcesses"/>
	</policy>

	<!-- Deny for everyone else -->
	<policy context="default">
	<deny send_destination="org.freedesktop.systemd1"
	send_interface="org.freedesktop.systemd1.Manager"
	send_member="GetUnitProcesses"/>
	</policy>
	</busconfig>