Nis maps not updating
This group should be used instead of approaches such as putting nonroot users into the sudoers(5) file.
Sensitive files such as /proc/[pid]/cmdline and /proc/[pid]/status are now protected against other users.
This makes it impossible to learn whether any user is running a specific program (so long as the program doesn't otherwise reveal itself by its behavior).
2 As for mode 1, but in addition the /proc/[pid] directories belonging to other users become invisible.
In SELinux, this attribute is reset on execve(2), so that the new program reverts to the default behavior for any file creation calls it may make, but the attribute will per‐ sist across multiple file creation calls within a program unless it is explicitly reset.
In SELinux, a process can set only its own /proc/[pid]/attr/fscreate attribute.