mount /proc with hidepid=2 option

sls/gentoo/hardening.sls

@@ -0,0 +1,27 @@
+proc_view:
+  group.present:
+    - gid: 391
+    - system: True
+  {%- if salt['cmd.retcode']('id polkitd') == 0 %}
+    - addusers:
+      - polkitd
+  {%- endif %}
+
+/proc:
+  mount.mounted:
+    - device: proc
+    - fstype: proc
+    - dump: 0 
+    - pass_num: 0
+    - persist: True
+    - mkmnt: True
+    - opts:
+      - defaults
+      - nosuid
+      - nodev
+      - noexec
+      - relatime
+      - hidepid=2
+      - gid=391
+    - require:
+      - group: proc_view

sls/gentoo/init.sls

@@ -4,4 +4,5 @@ include:
   - gentoo.repos.gentoo
   - gentoo.profile
   - gentoo.makeconf
+  - gentoo.hardening