diff -uprN systemd-255.orig/src/core/namespace.c systemd-255/src/core/namespace.c
--- systemd-255.orig/src/core/namespace.c	2024-01-17 10:05:07.200339329 +0800
+++ systemd-255/src/core/namespace.c	2024-01-17 13:10:26.672930958 +0800
@@ -4,8 +4,10 @@
 #include <linux/loop.h>
 #include <sched.h>
 #include <stdio.h>
+#include <stdlib.h>
 #include <sys/file.h>
 #include <sys/mount.h>
+#include <sys/utsname.h>
 #include <unistd.h>
 #if WANT_LINUX_FS_H
 #include <linux/fs.h>
@@ -1232,12 +1234,29 @@ static int mount_private_sysfs(const Mou
 
 static int mount_procfs(const MountEntry *m, const NamespaceParameters *p) {
         _cleanup_free_ char *opts = NULL;
+        struct utsname uts;
+        int r;
+        bool old = false;
 
         assert(m);
         assert(p);
 
-        if (p->protect_proc != PROTECT_PROC_DEFAULT ||
-            p->proc_subset != PROC_SUBSET_ALL) {
+        /* If uname says that the system is older than v5.8, then the textual hidepid= stuff is not
+         * supported by the kernel, and thus the per-instance hidepid= neither, which means we
+         * really don't want to use it, since it would affect our host's /proc * mount. Hence let's
+         * gracefully fallback to a classic, unrestricted version. */
+
+        r = uname(&uts);
+        if (r < 0)
+               return -errno;
+
+        if (strverscmp(uts.release, "5.8") < 0) {
+                log_debug("Pre v5.8 kernel detected [v%s] - skipping hidepid=", uts.release);
+                old = true;
+        }
+
+        if (!old && (p->protect_proc != PROTECT_PROC_DEFAULT ||
+            p->proc_subset != PROC_SUBSET_ALL)) {
 
                 /* Starting with kernel 5.8 procfs' hidepid= logic is truly per-instance (previously it
                  * pretended to be per-instance but actually was per-namespace), hence let's make use of it