Channel: null blog » Linux

Leaking process info?


Wondering how to restrict your users so they can only see their own processes in Linux? A quick answer that comes up is the grsecurity patch, but that doesn’t cope very well with the AppArmor functionality in Ubuntu’s kernel. Fortunately, not long ago Openwall developer Vasiliy Kulikov came up with this kernel patch, which lets us mount the proc filesystem with the hidepid and gid options to achieve this. All the details are supplied at the above link. The patch was imported into mainline kernel 3.3, I believe. As a side note, this has been backported to Debian Wheezy and Ubuntu Precise kernels.

Of course, FreeBSD has had a similar option since 4.0, configurable via sysctl.
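
An added example, not part of the original post: a shell check that reads a mounts table and reports whether /proc is mounted with hidepid and which gid is exempt from it. The group id 1001, the function names and the sample table are constructed for illustration; the symbolic values `invisible` and `noaccess` are how newer kernels print the same settings.

```shell
#!/bin/sh
# Applying the option as root (gid 1001 is a constructed value for the
# group that keeps full visibility, e.g. a monitoring group):
#   mount -o remount,hidepid=2,gid=1001 /proc
#   /etc/fstab:  proc /proc proc defaults,hidepid=2,gid=1001 0 0

# proc_opt KEY [FILE]: value of KEY in the options of the last proc
# filesystem mounted on /proc; prints nothing when the option is absent.
proc_opt() {
    awk -v key="$1" '
        $2 == "/proc" && $3 == "proc" {
            val = ""                      # a later mount overrides earlier ones
            n = split($4, opts, ",")
            for (i = 1; i <= n; i++)
                if (index(opts[i], key "=") == 1)
                    val = substr(opts[i], length(key) + 2)
        }
        END { if (val != "") print val }
    ' "${2:-/proc/mounts}"
}

# proc_hidepid_status [FILE]: prints exposed | restricted | hidden
proc_hidepid_status() {
    case "$(proc_opt hidepid "$1")" in
        2|invisible) echo hidden ;;      # other users' PID dirs are not listed
        1|noaccess)  echo restricted ;;  # listed, but their contents are denied
        *)           echo exposed ;;     # hidepid=0 or option missing
    esac
}

# Constructed sample of a /proc/mounts table after the remount above.
sample_mounts() {
    cat <<'EOF'
sysfs /sys sysfs rw,nosuid,nodev,noexec,relatime 0 0
proc /proc proc rw,nosuid,nodev,noexec,relatime,gid=1001,hidepid=2 0 0
EOF
}

tmp=$(mktemp) && sample_mounts > "$tmp"
echo "sample: $(proc_hidepid_status "$tmp"), exempt gid: $(proc_opt gid "$tmp")"
if [ -r /proc/mounts ]; then echo "this host: $(proc_hidepid_status)"; fi
rm -f "$tmp"
```

A result of `exposed` on a multi-user host means any local user can still list every process and read other users' command lines.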

