I don't think those mechanisms allow you to override the "disable_functions setting" which is applied with the CB 2.0 "secure_php" option, which seems to be a global setting. php-fpm conf gives the appearance of an override, but it doesn't seem to take effect. That is my primary issue at the moment, and is what people still have issues with as per these threads:
disable_functions directive is controlled by php.ini
If you want proc_open enabled for a particular user, then you have to remove proc_open from the php.ini file, then add it to all of the disabled_functions php_admin_value directive for all of the php-fpm pools. Then remove it from the disabled_functions php_admin_value for the pool that you want it enabled on.