Enable hidepid=2 on /proc
Add the following mount options to the /proc filesystem:
This change blocks /proc access unless you're in group 3009
for documentation on the hidepid option.
hidepid=2 is preferred over hidepid=1 since it leaks less information
and doesn't generate SELinux ptrace denials when trying to access
/proc without being in the proper group.
Add AID_READPROC to processes which need to access /proc entries for
9 files changed