procfs

From Gentoo Wiki


procfs (process filesystem) is a virtual filesystem (virtual means it takes up no disk space) used to read and change system and process information. It is generated by the kernel and mounted at /proc. More and more of the system information once exposed through procfs is now provided by the sysfs filesystem instead.

Installation

Kernel

Activate the following kernel options:

KERNEL Enable procfs support
File systems  --->
    Pseudo filesystems  --->
        <*> /proc file system support

Configuration

/proc is mounted by OpenRC's /lib/rc/sh/init.sh[1].

user $mount | grep proc
proc on /proc type proc (rw,nosuid,nodev,noexec,relatime)

The init service /etc/init.d/procfs goes in runlevel boot.

user $/sbin/rc-update | grep procfs
               procfs | boot

Restricting access to PID directories

procfs provides the hidepid mount option to restrict access to the /proc/<pid> directories of other users. This is a hardening technique that makes it more difficult for malicious local users to gather information about the processes of other users[2].

Value        Description
hidepid=0    The files under /proc/<pid>/ are world readable. This is the default behavior.
hidepid=1    The /proc/<pid> directories are visible to all users, but a user can only access the /proc/<pid> directories they own. This protects files such as /proc/<pid>/cmdline, which may contain sensitive information.
hidepid=2    Same as hidepid=1, but the /proc/<pid> directories of other users are hidden. Since this hides process information from all users except root, it may be useful to grant access to privileged users such as those belonging to the wheel group via the gid option.

FILE /etc/fstab  Hiding process information from other users except those in the wheel group
proc     /proc     proc     nosuid,nodev,noexec,hidepid=2,gid=wheel     0 0
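The following is an added example, not part of the Gentoo wiki page: a POSIX sh audit that reads /proc/mounts-style text and reports whether the proc mount carries hidepid=2 and which gid is exempted. The sample mount lines are constructed, not captured from a real host; the function names are this example's own.

```shell
#!/bin/sh
# Added example, not from the Gentoo wiki page: audit the hidepid setting of the
# proc mount from /proc/mounts-style text (passed in as a string so the check
# can run against a captured file as well as the live system).

# Print the numeric hidepid level of the first "proc" mount in the text.
# Linux 5.8 and later also accept and report the symbolic spellings
# off/noaccess/invisible/ptraceable, which map to 0/1/2/4.
hidepid_level() {
    printf '%s\n' "$1" | awk '
        $3 == "proc" {
            level = 0
            n = split($4, opts, ",")
            for (i = 1; i <= n; i++) {
                if (opts[i] ~ /^hidepid=/) {
                    v = substr(opts[i], 9)
                    if (v == "off") v = 0
                    else if (v == "noaccess") v = 1
                    else if (v == "invisible") v = 2
                    else if (v == "ptraceable") v = 4
                    level = v
                }
            }
            print level
            exit
        }'
}

# Print the gid= exemption of the proc mount, or "none". The kernel reports
# the numeric gid even when /etc/fstab names the group (gid=wheel).
hidepid_gid() {
    printf '%s\n' "$1" | awk '
        $3 == "proc" {
            gid = "none"
            n = split($4, opts, ",")
            for (i = 1; i <= n; i++)
                if (opts[i] ~ /^gid=/) gid = substr(opts[i], 5)
            print gid
            exit
        }'
}

# Return 0 when other users' /proc/<pid> directories are hidden (hidepid=2),
# 1 otherwise; print a one-line verdict either way.
check_hidepid() {
    level=$(hidepid_level "$1")
    gid=$(hidepid_gid "$1")
    if [ "$level" = "2" ]; then
        echo "OK: hidepid=2 (exempt gid: $gid)"
        return 0
    fi
    echo "WARN: hidepid=${level}; other users can read /proc/<pid>"
    return 1
}

# Constructed sample lines in /proc/mounts format (not captured from a real host).
MOUNTS_DEFAULT='proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0'
MOUNTS_HARDENED='sysfs /sys sysfs rw,nosuid,nodev,noexec,relatime 0 0
proc /proc proc rw,nosuid,nodev,noexec,relatime,hidepid=2,gid=10 0 0'

# On a running system: check_hidepid "$(cat /proc/mounts)"
check_hidepid "$MOUNTS_DEFAULT" || true
check_hidepid "$MOUNTS_HARDENED"
```

The check parses the options column rather than grepping for the literal string hidepid=2, so it also recognises the hidepid=invisible spelling used by newer kernels and does not match a stray substring in another filesystem's options.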

Usage

See the Wikipedia article for the file's purpose.

Use cat to read the information, e.g. output the version of the currently running kernel:

user $cat /proc/version

To set values at runtime (where the file is writable), use echo, e.g. to enable the magic SysRq key:

root #echo 1 > /proc/sys/kernel/sysrq

sysctl

sysctl is a mechanism to modify certain kernel parameters at runtime. It is part of procfs and the files are located at /proc/sys/. /usr/src/linux/Documentation/sysctl/ contains documentation of most files.

sysctl works with keys, which are derived from the file path by removing the /proc/sys/ prefix and replacing each slash with a dot. So, e.g., /proc/sys/kernel/sysrq becomes kernel.sysrq.

It is possible to modify files in /proc directly, as shown above; however, the sysctl tool (part of sys-process/procps) modifies /proc information in a much more structured way:

To enable the magic sysrq key:

root #sysctl kernel.sysrq=1

To show all keys and their current values:

root #sysctl -a

To configure kernel parameters at boot, add them to a .conf file in /etc/sysctl.d/. The recommended location for local settings is /etc/sysctl.d/local.conf; the legacy file /etc/sysctl.conf is also supported. To enable the magic SysRq key at boot:

FILE /etc/sysctl.d/local.conf
kernel.sysrq=1
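The following is an added example, not from the Gentoo wiki page, covering both the key/path conversion described above and the sysctl.d drop-in: POSIX sh helpers that turn a /proc/sys path into a sysctl key and back, and a drift check that compares the settings in a sysctl.d file against running values in the "key = value" form printed by sysctl -a. The configuration text and the running values are constructed samples, and the function names are this example's own.

```shell
#!/bin/sh
# Added example, not from the Gentoo wiki page: convert between /proc/sys
# paths and sysctl keys, and check a sysctl.d drop-in against running values.

# /proc/sys/kernel/sysrq -> kernel.sysrq
sysctl_path_to_key() {
    printf '%s\n' "${1#/proc/sys/}" | tr '/' '.'
}

# kernel.sysrq -> /proc/sys/kernel/sysrq
sysctl_key_to_path() {
    printf '/proc/sys/%s\n' "$(printf '%s' "$1" | tr '.' '/')"
}

# Normalise "key = value" / "key=value" lines (sysctl.d file or sysctl -a
# output) to "key value", dropping comment lines and blank lines.
sysctl_conf_settings() {
    printf '%s\n' "$1" | sed -e '/^[[:space:]]*[#;]/d' -e '/^[[:space:]]*$/d' \
        -e 's/[[:space:]]*=[[:space:]]*/ /' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//'
}

# Print one line per configured key that is missing from, or differs from,
# the running values (second argument); return 1 if any line was printed.
sysctl_drift() {
    conf=$(sysctl_conf_settings "$1")
    running=$(sysctl_conf_settings "$2")
    # Tag the two streams so one awk pass can index the running values first.
    {
        printf '%s\n' "$running" | sed 's/^/R /'
        printf '%s\n' "$conf" | sed 's/^/C /'
    } | awk '
        BEGIN { bad = 0 }
        # Rebuild the value from field 3 onward: some keys hold several numbers.
        { v = $3; for (j = 4; j <= NF; j++) v = v " " $j }
        $1 == "R" { cur[$2] = v; next }
        $1 == "C" {
            if (!($2 in cur)) { print "MISSING " $2; bad = 1 }
            else if (cur[$2] != v) {
                print "DRIFT " $2 " configured=" v " running=" cur[$2]; bad = 1
            }
        }
        END { exit bad }'
}

# Constructed sample drop-in (not a real host's file).
CONF_LOCAL='# constructed /etc/sysctl.d/local.conf
kernel.sysrq = 1
kernel.kptr_restrict = 2
net.ipv4.ip_local_port_range = 32768 60999'

# Constructed running values in sysctl -a form (not a real host's output).
RUNNING='kernel.sysrq = 16
kernel.kptr_restrict = 2
kernel.randomize_va_space = 2
net.ipv4.ip_local_port_range = 32768 60999'

sysctl_path_to_key /proc/sys/kernel/sysrq
sysctl_key_to_path net.ipv4.ip_forward
# On a running system: sysctl_drift "$(cat /etc/sysctl.d/local.conf)" "$(sysctl -a)"
sysctl_drift "$CONF_LOCAL" "$RUNNING" || echo "running values do not match local.conf"
```

Running the drift check after boot is a cheap way to notice that a drop-in was shadowed by a later file in /etc/sysctl.d/ or changed at runtime with echo, as the sysrq mismatch in the constructed sample shows. Keys whose components themselves contain dots (network interface names such as eth0.2) are the one case the simple dot/slash conversion does not handle; sysctl accepts the slash form for those.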

OpenRC

The sysctl service reads these files at boot and applies the settings. The service is enabled by default.

systemd

Besides /etc/sysctl.d/, systemd also reads /usr/lib/sysctl.d/, which holds package-provided configuration files.

The systemd-sysctl service is enabled by default.

References