procfs (process filesystem) is a virtual filesystem (i.e. it takes up no disk space) that can be used to show and change system and process information. It is generated by the kernel and mounted at /proc. More and more of the system information formerly provided by procfs is now provided by the sysfs filesystem instead.
Activate the following kernel options:
File systems ---> Pseudo filesystems ---> <*> /proc file system support
/proc is mounted by OpenRC's /lib/rc/sh/init.sh; this can be verified with mount:
mount | grep proc
proc on /proc type proc (rw,nosuid,nodev,noexec,relatime)
The init service /etc/init.d/procfs goes in runlevel boot.
/sbin/rc-update | grep procfs
procfs | boot
Restricting access to PID directories
procfs provides the hidepid mount option to restrict access to the /proc/<pid> directories by other users. This is a hardening technique that makes it more difficult for malicious local users to gather information about the processes of other users (for example command lines passed to processes, which can contain passwords).
hidepid=0  The files in /proc/<pid>/* are world readable. This is the default behavior.
hidepid=1  The /proc/<pid> directories are visible to all users, but users can only access the /proc/<pid> directories they own. This protects files such as /proc/<pid>/cmdline, which may contain sensitive information.
hidepid=2  Same as hidepid=1, but in addition the /proc/<pid> directories of other users are hidden from view.
The gid option names a group whose members are exempt from the restriction. Example /etc/fstab entry:
proc /proc proc nosuid,nodev,noexec,hidepid=2,gid=wheel 0 0
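Added example, not part of the original wiki page: a small POSIX sh audit that reads the mount options of /proc and reports the effective hidepid level, so an administrator can confirm the fstab entry above actually took effect after a reboot. The sample /proc/mounts line is constructed for demonstration; the function names (hidepid_level, proc_options, audit_proc) are this example's own. The names "noaccess", "invisible" and "ptraceable" are the symbolic equivalents of hidepid=1, 2 and 4 accepted by newer kernels.

```shell
#!/bin/sh
# Added example (not from the Gentoo wiki page): report the effective hidepid
# level of the /proc mount. Nothing is modified; only /proc/mounts is read.

# hidepid_level OPTS: print the hidepid value found in a comma-separated
# mount option string, or 0 when the option is absent (the kernel default).
# Symbolic names used by newer kernels are mapped to their numeric value.
hidepid_level() {
    level=0
    old_ifs=$IFS
    IFS=,
    for opt in $1; do
        case "$opt" in
            hidepid=off)        level=0 ;;
            hidepid=noaccess)   level=1 ;;
            hidepid=invisible)  level=2 ;;
            hidepid=ptraceable) level=4 ;;
            hidepid=*)          level=${opt#hidepid=} ;;
        esac
    done
    IFS=$old_ifs
    printf '%s\n' "$level"
}

# proc_options LINE: extract the options field (4th column) from a line in
# /proc/mounts format, but only for the proc filesystem mounted on /proc.
proc_options() {
    printf '%s\n' "$1" | awk '$2 == "/proc" && $3 == "proc" { print $4 }'
}

# Constructed sample line in /proc/mounts format, as it would look after
# mounting with the fstab entry proc /proc proc nosuid,nodev,noexec,hidepid=2,gid=wheel 0 0
# (the kernel shows the group as a numeric gid, here 10 for wheel).
SAMPLE_MOUNTS_LINE='proc /proc proc rw,nosuid,nodev,noexec,relatime,hidepid=2,gid=10 0 0'

# audit_proc: report on the running system. Always returns 0; findings are
# printed so the function is safe to call from a login script.
audit_proc() {
    line=$(grep ' /proc proc ' /proc/mounts 2>/dev/null | head -n 1)
    if [ -z "$line" ]; then
        echo "no proc filesystem mounted on /proc"
        return 0
    fi
    level=$(hidepid_level "$(proc_options "$line")")
    echo "/proc is mounted with hidepid=$level"
    case $level in
        0) echo "warning: /proc/<pid> directories of all users are world readable" ;;
        1) echo "note: other users' /proc/<pid> directories are visible but not readable" ;;
    esac
}

echo "sample: hidepid=$(hidepid_level "$(proc_options "$SAMPLE_MOUNTS_LINE")")"
audit_proc
```

The check reads /proc/mounts rather than /etc/fstab on purpose: fstab states the intent, /proc/mounts states what the kernel actually applied, and a typo in the fstab options would silently leave /proc at hidepid=0.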
See the Wikipedia article for a description of each file's purpose.
Use cat to read information. For example, users can get the version of the currently running kernel with the following command:
cat /proc/version
Use echo to set values at runtime (if possible). For example, users can enable the Magic SysRq keys with the following command:
echo 1 > /proc/sys/kernel/sysrq
It is certainly possible to modify files in /proc directly as shown above; however, the sysctl tool (part of sys-process/procps) can modify /proc information in a much more structured way.
sysctl works with key/value pairs. A key is derived from the file path by removing the /proc/sys prefix and replacing each forward slash with a dot. For example, /proc/sys/kernel/sysrq becomes kernel.sysrq.
To enable the magic SysRq keys:
sysctl -w kernel.sysrq=1
To show all sysctl keys and their current values:
sysctl -a
To configure kernel parameters at system boot, add them to a configuration file with a .conf suffix in the /etc/sysctl.d/ directory. The recommended location for local settings is /etc/sysctl.d/local.conf. The legacy file /etc/sysctl.conf is also supported. To enable the magic SysRq key at boot, add the following line to /etc/sysctl.d/local.conf:
kernel.sysrq = 1
The sysctl service reads these files at boot and applies the settings. The service is enabled by default.
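Added example, not part of the original wiki page: a POSIX sh script that implements the path-to-key conversion described above in both directions, parses a file in /etc/sysctl.d/ syntax, and checks whether the running kernel still matches it. This is the check an administrator wants after editing local.conf, or when looking for settings that were changed at runtime with echo or sysctl -w and never persisted. The sample configuration is constructed; the function names (key_from_path, path_from_key, normalize_conf, check_drift) are this example's own. Only /proc/sys is read, nothing is written.

```shell
#!/bin/sh
# Added example (not from the Gentoo wiki page): convert between /proc/sys paths
# and sysctl keys, parse sysctl.d-style configuration, and report drift between
# the configured values and the values the running kernel reports.

# key_from_path PATH: /proc/sys/kernel/sysrq -> kernel.sysrq
key_from_path() {
    rest=${1#/proc/sys/}
    printf '%s\n' "$rest" | tr '/' '.'
}

# path_from_key KEY: kernel.sysrq -> /proc/sys/kernel/sysrq
# sysctl also accepts '/' as the separator, which is the only unambiguous
# form for names that themselves contain dots (for example a VLAN interface,
# net/ipv4/conf/eth0.100/rp_filter), so a key containing '/' is used as-is.
path_from_key() {
    case $1 in
        */*) printf '/proc/sys/%s\n' "$1" ;;
        *)   printf '/proc/sys/%s\n' "$(printf '%s' "$1" | tr '.' '/')" ;;
    esac
}

# normalize_conf: read sysctl.conf syntax on stdin, drop comments and blank
# lines, and emit one "key=value" per line with surrounding whitespace removed.
normalize_conf() {
    sed -e 's/[#;].*$//' \
        -e '/^[[:space:]]*$/d' \
        -e 's/^[[:space:]]*//' \
        -e 's/[[:space:]]*=[[:space:]]*/=/' \
        -e 's/[[:space:]]*$//'
}

# Constructed sample in /etc/sysctl.d/local.conf syntax.
SAMPLE_CONF='# local hardening settings (constructed sample)
kernel.sysrq = 1
kernel.kptr_restrict = 1   ; hide kernel pointers from unprivileged users
net.ipv4.ip_forward = 0
'

# check_drift: for each key=value read on stdin, print one MATCH, DRIFT or
# MISSING line comparing the configured value with the running kernel.
check_drift() {
    normalize_conf | while IFS='=' read -r key want; do
        file=$(path_from_key "$key")
        if [ -r "$file" ]; then
            have=$(cat "$file")
            if [ "$have" = "$want" ]; then
                printf 'MATCH   %s = %s\n' "$key" "$have"
            else
                printf 'DRIFT   %s configured=%s running=%s\n' "$key" "$want" "$have"
            fi
        else
            printf 'MISSING %s (no readable %s)\n' "$key" "$file"
        fi
    done
}

printf '%s' "$SAMPLE_CONF" | check_drift
```

To check a real file instead of the constructed sample, run `check_drift < /etc/sysctl.d/local.conf`. A DRIFT line for a key that is documented in the file means the kernel was changed at runtime or a later file in the sysctl.d order overrides the value; a MISSING line usually means the corresponding kernel option is not compiled in.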
Besides the /etc/sysctl.d/ directory, systemd also reads the /usr/lib/sysctl.d/ directory. This second directory is for package-provided configuration files.
The systemd-sysctl service is enabled by default.
- The proc filesystem (Security Handbook)