From 037b38aaf82403fb6898a439adc6a9b38592b5c8 Mon Sep 17 00:00:00 2001
From: madaidan <50278627+madaidan@users.noreply.github.com>
Date: Thu, 10 Oct 2019 22:46:25 +0000
Subject: [PATCH] Check if /proc is mounted with hidepid
---
 bubblewrap.c | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/bubblewrap.c b/bubblewrap.c
index 91567627..57a220d4 100644
--- a/bubblewrap.c
+++ b/bubblewrap.c
@@ -2227,6 +2227,15 @@ main (int argc,
 if (max_user_ns != NULL && strcmp(max_user_ns, "0\n") == 0)
 disabled = TRUE;
 }
+
+ /* Check if /proc is mounted with hidepid=1 or hidepid=2 */
+ if (stat ("/proc/mounts", &sbuf) == 0)
+ {
+ cleanup_free char *hidepid = NULL;
+ hidepid = load_file_at (AT_FDCWD, "/proc/mounts");
+ if (strstr(hidepid, "hidepid=") != NULL)
+ disabled = TRUE;
+ }
 /* Debian lets you disable *unprivileged* user namespaces. However this is not a problem if we're privileged, and if we're not opt_unshare_user is TRUE
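Review bot: `hidepid` is passed to `strstr` without a NULL check, although the context line just above tests `max_user_ns != NULL` on the result of the same `load_file_at` helper, so a read that fails after the `stat` succeeds would dereference NULL; the guard should read `if (hidepid != NULL && strstr (hidepid, "hidepid=") != NULL)`. The match is also broader than the comment states: it searches the whole of `/proc/mounts`, so `hidepid=0`, a procfs instance mounted somewhere other than `/proc`, or any other entry containing that substring sets `disabled` as well. Restricting the test to the entry whose mount point is `/proc` and whose option value is 1 or 2 would make the code agree with its comment. The enclosing `main` starts and ends outside the hunk, so what `disabled` goes on to control is not visible here.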