Skip to content

Entries tagged "elrepo".

Hide other users' processes in Linux

And at last we have the equivalent of security.bsd.see_other_uids in Linux without the need to mess around with grsecurity! This is a security feature I've waited to land in Linux for a LONG time.
This characteristic can be enabled if you have kernel 3.3 (EL6/rhel/centos users can get it from here - thanks ajb!), but hopefully RedHat and other distributions will backport this feature in their kernels, too. The required patches are here and here.

So, how it works? Simple:
- mount /proc with the option "hidepid=1" to stop a regular user to see other processes but his when doing `ps` or `top`
- mount /proc with the option "hidepid=2" to not only stop the user from seeing other processes, but also disables the user's capacity to list /proc/$PIDs that are not his
- mount /proc with the option "hidepid=0" to go back to standard behaviour, all users can see all processes - this is the default
- there is also the "gid=xxx" mount option that lets the specified gid see all processes, even when hidepid is set to 1 or 2

You can read more about it here.


Long Term supported kernel in ElRepo for RHEL and the clones

The good people at just announced on their blog that in addition to the kernel-ml, tracking the current mainline kernel, we now also have kernel-lt (!!!) tracking the current long term supported mainline kernel.

So if you feel like going a bit more bleeding edge, but not too much, then kernel-lt is for you!