
Re: Policy consensus on transition when removing initscripts.



On Wed, 28 Jun 2023, 06:31 Paul Wise, <pabs@debian.org> wrote:
On Tue, 2023-06-27 at 09:36 +0100, Luca Boccassi wrote:

> That has been implemented a long time ago, services can set
> ProtectProc= so that processes run with hidepid:
>
> https://freedesktop.org/software/systemd/man/systemd.exec.html#ProtectProc=

That's opt-in and for services only; there are folks who want to run
their entire system with hidepid=2, including root/user command-line
and graphical sessions. systemd doesn't support this setup.

On the global proc instance, yes, that cannot possibly work, as the kernel doesn't make the information required to do process management available. But with the per-service setting you can set it on the graphical session (e.g. gdm.service); however, it's likely that it won't cover everything, and unrelated bits might also break.
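
Added example, not part of the original message or of systemd: a small Python check that reports which of the two mechanisms discussed in this thread is in effect, the `hidepid=` option on the global `/proc` mount or a unit's `ProtectProc=` setting. The mount table and unit file below are constructed samples, and the function names are hypothetical.

```python
"""Added example: report /proc visibility restrictions, global and per unit."""

# Kernel hidepid= values: numeric forms and the named forms (Linux 5.8+).
HIDEPID = {"0": "off", "1": "noaccess", "2": "invisible", "4": "ptraceable",
           "off": "off", "noaccess": "noaccess", "invisible": "invisible",
           "ptraceable": "ptraceable"}

def global_hidepid(mounts_text):
    """Return the hidepid mode of the proc instance on /proc (None if absent)."""
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[1] == "/proc" and fields[2] == "proc":
            for opt in fields[3].split(","):
                key, _, value = opt.partition("=")
                if key == "hidepid":
                    return HIDEPID.get(value, "unknown")
            return "off"  # mounted without hidepid=: all processes visible
    return None

def unit_protectproc(unit_text):
    """Return ProtectProc= from a unit file's [Service] section (last one wins)."""
    section, mode = None, "default"
    for raw in unit_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section == "Service" and "=" in line:
            key, _, value = line.partition("=")
            if key.strip() == "ProtectProc":
                mode = value.strip()
    return mode

# Constructed samples: /proc/mounts content and a unit file.
SAMPLE_MOUNTS = """sysfs /sys sysfs rw,nosuid,nodev,noexec,relatime 0 0
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
"""
SAMPLE_UNIT = """[Unit]
Description=Constructed example service

[Service]
ExecStart=/usr/bin/example-daemon
ProtectProc=invisible
"""

if __name__ == "__main__":
    print("global /proc hidepid:", global_hidepid(SAMPLE_MOUNTS))
    print("unit ProtectProc:", unit_protectproc(SAMPLE_UNIT))
```

The unit parser reads a single file only; drop-in overrides are not merged.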
