Procfs

From Gentoo Wiki
Jump to:navigation Jump to:search
This page is a translated version of the page Procfs and the translation is 33% complete.
Outdated translations are marked like this.
Other languages:

procfs (process filesystem) is a virtual filesystem (i.e. it takes up no disk space) that can be used to show and change system and process information. It is generated by the kernel and mounted at /proc.

sysfs ist eine ähnliche, neuere Implementierung, die mehr und mehr Elemente von procfs ersetzt.

Installation

Kernel

Activate the following kernel options:

KERNEL Enable procfs support
File systems  --->
    Pseudo filesystems  --->
        <*> /proc file system support

Konfiguration

OpenRC

/proc is mounted by OpenRC's /lib/rc/sh/init.sh[1]:

user $mount | grep proc
proc on /proc type proc (rw,nosuid,nodev,noexec,relatime)

The init service /etc/init.d/procfs goes in runlevel boot:

user $/sbin/rc-update | grep procfs
procfs | boot

Den Zugriff auf PID-Verzeichnisse einschränken

procfs provides the hidepid mount option to restrict access to the /proc/<pid> directories by other users. This is a hardening technique that can make it more difficult for malicious local users to gather information about the processes of other users[2].

Value Description
hidepid=0 The file located in /proc/<pid>/* will be world readable. This is the default behavior.
hidepid=1 The /proc/<pid> directories are visible by all users, but users can only access the /proc/<pid> directories they own. This will protect files such as /proc/<pid>/cmdline, which may contain sensitive information.
hidepid=2 Same as hidepid=1 but the /proc/<pid> directories of other users are hidden. Since this will hide process information from all users except root, it may be useful to allow access to privileged users such as those belonging to the wheel group.

The hidepid mount option can be configured to be used automatically when mounting /proc/, for example:

DATEI /etc/fstabHiding process information from other users except those in the wheel group
proc     /proc     proc     nosuid,nodev,noexec,hidepid=2,gid=wheel     0 0

Bedienung

See the Wikipedia article for a description of each file's purpose.

Use cat to read information. For example, users can get the version of the currently running kernel with the following command:

user $cat /proc/version

Use echo to set values at runtime (if possible). For example, users can enable the Magic SysRq keys with the following command:

root #echo 1 > /proc/sys/kernel.sysrq

sysctl

sysctl is a mechanism to modify certain kernel parameters at runtime. It is part of sys-process/procps and its files are located at /proc/sys/. These articles contain documentation of most files.

sysctl works with key-value pairs. The keys can be assembled from the file path by removing the /proc/sys prefix and replacing the forward slash with a dot. For example /proc/sys/kernel/sysrq becomes kernel.sysrq.

It is certainly possible to modify files in /proc like performed above, however the sysctl tool can modify /proc information in a much more structured way:

To enable the magic SysRq keys:

root #sysctl kernel.sysrq=1

To show all sysctl keys and their current values:

root #sysctl -a

To configure kernel parameters at system boot, add them to a configuration file with a .conf suffix in the /etc/sysctl.d/ directory. The recommended location for local settings is /etc/sysctl.d/local.conf. The legacy file /etc/sysctl.conf is also supported. To enable the magic SysRq key at boot:

DATEI /etc/sysctl.d/local.conf
kernel.sysrq=1

Siehe man pages für sysctl und sysctl.conf .

OpenRC

Der Dienst sysctl liest die Dateien beim Booten und führt die Einstellungen aus. Der Dienst ist standardmäßig aktiviert.

systemd

Besides the /etc/sysctl.d/ directory systemd also knows the /usr/lib/sysctl.d/ directory. This second directory is for package-provided configuration files.

The systemd-sysctl service is enabled by default.

Siehe auch

Referenzen