This means that /proc/[pid] entries can no longer be used to discover the PIDs on the system.
This doesn't hide the fact that a process with a specific PID value exists (it can be learned by other means, for example, by "kill -0 $PID"), but it hides a process's UID and GID, which could otherwise be learned by employing stat(2) on a /proc/[pid] directory.
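An added example, not part of the manual page: the behaviour described above is that of the proc mount option hidepid=2, and the code below reads a mount table in /proc/mounts format and reports which proc mounts hide other users' /proc/[pid] directories. The mount table is constructed sample data, and the function names are illustrative; the symbolic values are the names newer kernels accept alongside the numeric levels.

```python
"""Audit hidepid on proc mounts (added example; the sample mount table is constructed)."""

# Symbolic names accepted by newer kernels, mapped to the numeric levels.
HIDEPID_NAMES = {"off": 0, "noaccess": 1, "invisible": 2, "ptraceable": 4}

# Constructed sample in /proc/mounts format:
# device, mountpoint, fstype, options, dump, pass.
SAMPLE_MOUNTS = """\
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
proc /srv/jail/proc proc rw,nosuid,nodev,noexec,relatime,hidepid=2,gid=27 0 0
proc /run/sandbox/proc proc rw,relatime,hidepid=invisible 0 0
tmpfs /run tmpfs rw,nosuid,nodev,mode=755 0 0
"""


def hidepid_level(options):
    """Return the hidepid level from a comma-separated option string (0 if absent)."""
    for opt in options.split(","):
        key, _, value = opt.partition("=")
        if key != "hidepid":
            continue
        if value.isdigit():
            return int(value)
        if value in HIDEPID_NAMES:
            return HIDEPID_NAMES[value]
        raise ValueError(f"unrecognised hidepid value: {value!r}")
    return 0  # option not present: the kernel default


def audit_proc_mounts(mounts_text):
    """Map each proc mountpoint to (level, other_users_pid_dirs_hidden)."""
    result = {}
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[2] != "proc":
            continue  # not a proc mount, or a malformed line
        level = hidepid_level(fields[3])
        # Level 2 and above make other users' /proc/[pid] directories invisible.
        result[fields[1]] = (level, level >= 2)
    return result


if __name__ == "__main__":
    for mountpoint, (level, hidden) in audit_proc_mounts(SAMPLE_MOUNTS).items():
        state = "other users' PID directories hidden" if hidden else "PID directories visible"
        print(f"{mountpoint}: hidepid={level} ({state})")
```

To audit a live system, pass the contents of /proc/mounts to `audit_proc_mounts` instead of the sample.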
These files are normally owned by the effective user and effective group ID of the process.
However, as a security measure, the ownership is made root:root if the process's "dumpable" attribute is set to a value other than 1.
Other security modules may choose to support "set" operations via writes to this node.