procfs

From Gentoo Wiki
Jump to:navigation Jump to:search
Other languages:

procfs (process filesystem) is a virtual filesystem (i.e. it takes up no disk space) that can be used to show and change system and process information. It is generated by the kernel and mounted at /proc.

sysfs is a similar, more recent, implementation that is more and more replacing elements of procfs.

Installation

Kernel

Activate the following kernel options:

KERNEL Enable procfs support
File systems  --->
    Pseudo filesystems  --->
        <*> /proc file system support

Configuration

OpenRC

/proc is mounted by OpenRC's /lib/rc/sh/init.sh[1]:

user $mount | grep proc
proc on /proc type proc (rw,nosuid,nodev,noexec,relatime)

The init service /etc/init.d/procfs goes in runlevel boot:

user $/sbin/rc-update | grep procfs
procfs | boot

Restricting access to PID directories

procfs provides the hidepid mount option to restrict access to the /proc/<pid> directories by other users. This is a hardening technique that can make it more difficult for malicious local users to gather information about the processes of other users[2].

Value Description
hidepid=0 The file located in /proc/<pid>/* will be world readable. This is the default behavior.
hidepid=1 The /proc/<pid> directories are visible by all users, but users can only access the /proc/<pid> directories they own. This will protect files such as /proc/<pid>/cmdline, which may contain sensitive information.
hidepid=2 Same as hidepid=1 but the /proc/<pid> directories of other users are hidden. Since this will hide process information from all users except root, it may be useful to allow access to privileged users such as those belonging to the wheel group.

The hidepid mount option can be configured to be used automatically when mounting /proc/, for example:

FILE /etc/fstabHiding process information from other users except those in the wheel group
proc     /proc     proc     nosuid,nodev,noexec,hidepid=2,gid=wheel     0 0

Usage

See the Wikipedia article for a description of each file's purpose.

Use cat to read information. For example, users can get the version of the currently running kernel with the following command:

user $cat /proc/version

Use echo to set values at runtime (if possible). For example, users can enable the Magic SysRq keys with the following command:

root #echo 1 > /proc/sys/kernel.sysrq

sysctl

See also
Sysctl usage information is available at: Sysctl

See also

References