The /proc/pid/* files of a non-root process are owned by root


Author: JesseZhou | Source: published 2020-09-09 09:29, read 0 times

Problem:
There is a non-root process A with pid N. When we look at the attributes of the files under /proc/N/, we find that their user:group is root:root rather than the user:group that A belongs to.

Analysis:
According to the description at https://man7.org/linux/man-pages/man5/proc.5.html:

/proc/[pid]
There is a numerical subdirectory for each running process;
the subdirectory is named by the process ID. Each /proc/[pid]
subdirectory contains the pseudo-files and directories
described below.
The files inside each /proc/[pid] directory are normally owned
by the effective user and effective group ID of the process.
However, as a security measure, the ownership is made
root:root if the process's "dumpable" attribute is set to a
value other than 1.

If a process's dumpable attribute has been set to a value other than 1, the ownership of /proc/pid/ will be root:root.

So next let's look at when a process's dumpable attribute gets set to a value other than 1.
According to the description at https://man7.org/linux/man-pages/man2/prctl.2.html:

PR_SET_DUMPABLE (since Linux 2.3.20)
Set the state of the "dumpable" attribute, which determines
whether core dumps are produced for the calling process upon
delivery of a signal whose default behavior is to produce a
core dump.
In kernels up to and including 2.6.12, arg2 must be either 0
(SUID_DUMP_DISABLE, process is not dumpable) or 1
(SUID_DUMP_USER, process is dumpable). Between kernels 2.6.13
and 2.6.17, the value 2 was also permitted, which caused any
binary which normally would not be dumped to be dumped
readable by root only; for security reasons, this feature has
been removed. (See also the description of /proc/sys/fs/
suid_dumpable in proc(5).)
Normally, the "dumpable" attribute is set to 1. However, it
is reset to the current value contained in the file
/proc/sys/fs/suid_dumpable (which by default has the value 0),
in the following circumstances:

  • The process's effective user or group ID is changed.
  • The process's filesystem user or group ID is changed (see
    credentials(7)).
  • The process executes (execve(2)) a set-user-ID or set-
    group-ID program, resulting in a change of either the
    effective user ID or the effective group ID.
  • The process executes (execve(2)) a program that has file
    capabilities (see capabilities(7)), but only if the
    permitted capabilities gained exceed those already
    permitted for the process.

Normally a process's dumpable attribute defaults to 1, but in a few situations this value is reset to the value in /proc/sys/fs/suid_dumpable. The one that matches our scenario is the last item: the process's exe file has been given file capabilities, and its permitted capabilities exceed those of the parent process. Checking again, our /proc/sys/fs/suid_dumpable is indeed not 1.

Article link: https://www.haomeiwen.com/subject/dansektx.html