procfs (process filesystem) is a virtual filesystem (i.e. it takes up no disk space) that can be used to show and change system and process information. It is generated by the kernel and mounted at /proc.
sysfs is a similar, more recent, implementation that is more and more replacing elements of procfs.
Activate the following kernel options:
File systems ---> Pseudo filesystems ---> <*> /proc file system support
/proc is mounted by OpenRC's /lib/rc/sh/init.sh:
mount | grep proc
proc on /proc type proc (rw,nosuid,nodev,noexec,relatime)
The init service /etc/init.d/procfs goes in runlevel boot:
/sbin/rc-update | grep procfs
procfs | boot
Restricting access to PID directories
procfs provides the hidepid mount option to restrict access to the /proc/<pid> directories of other users. This is a hardening technique that makes it harder for a malicious local user to gather information about processes belonging to other users.
|Value|Description|
|hidepid=0|The files located in /proc/<pid>/* are world readable. This is the default behavior.|
|hidepid=1|The /proc/<pid> directories are visible to all users, but users can only access the /proc/<pid> directories they own. This protects files such as /proc/<pid>/cmdline, which may contain sensitive information.|
|hidepid=2|Same as |
The hidepid mount option can be applied automatically by adding it to the /proc entry in /etc/fstab, for example:
proc /proc proc nosuid,nodev,noexec,hidepid=2,gid=wheel 0 0
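The following script is an added example, not code from the wiki page or from Gentoo. It audits whether /proc is mounted with hidepid by parsing a mount line in either the /proc/mounts and /etc/fstab layout ("proc /proc proc <options> 0 0") or the layout printed by mount(8) ("proc on /proc type proc (<options>)"). The sample lines are constructed; the mapping of the hidepid names accepted by Linux 5.8 and later (off, noaccess, invisible, ptraceable) to the numeric levels 0, 1, 2 and 4 is an assumption stated in the comments.

```shell
#!/bin/sh
# Added example, not code from the Gentoo wiki page: audit the hidepid and
# gid mount options of /proc.

# Constructed sample lines (not captured from a real system).
PROC_DEFAULT="proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0"
PROC_HARDENED="proc /proc proc rw,nosuid,nodev,noexec,relatime,hidepid=2,gid=10 0 0"
PROC_MOUNT_CMD="proc on /proc type proc (rw,nosuid,nodev,noexec,relatime,hidepid=2,gid=10)"

# mount_opts LINE: print the comma-separated option field of LINE, for both
# the /proc/mounts and fstab layout and the mount(8) output layout.
mount_opts() {
    case $1 in
        *" on "*) printf '%s\n' "$1" | sed -n 's/.*(\(.*\)).*/\1/p' ;;
        *)        printf '%s\n' "$1" | awk '{ print $4 }' ;;
    esac
}

# opt_value LINE KEY: print the value of KEY=<value> among the options,
# or nothing when KEY is not present.
opt_value() {
    mount_opts "$1" | tr ',' '\n' | sed -n "s/^$2=//p" | tail -n 1
}

# hidepid_level LINE: print the hidepid level as a number. A default mount
# carries no hidepid option at all, which the kernel treats as hidepid=0.
# The symbolic names are mapped to the numeric levels (assumed mapping,
# see the lead-in).
hidepid_level() {
    v=$(opt_value "$1" hidepid)
    case ${v:-0} in
        off)        echo 0 ;;
        noaccess)   echo 1 ;;
        invisible)  echo 2 ;;
        ptraceable) echo 4 ;;
        *)          echo "${v:-0}" ;;
    esac
}

# proc_gid LINE: print the gid= value (the group exempt from hidepid), if any.
# /proc/mounts shows the numeric id even when fstab used a group name.
proc_gid() {
    opt_value "$1" gid
}

# hidepid_hardened LINE: succeed when hidepid is at least 1, i.e. when other
# users' /proc/<pid> directories are no longer readable by everyone.
hidepid_hardened() {
    [ "$(hidepid_level "$1")" -ge 1 ]
}

# report LINE: one-line human-readable summary of the mount.
report() {
    if hidepid_hardened "$1"; then
        printf 'hidepid=%s gid=%s: /proc/<pid> of other users is restricted\n' \
            "$(hidepid_level "$1")" "$(proc_gid "$1")"
    else
        printf 'hidepid=0: every /proc/<pid> directory is world readable (kernel default)\n'
    fi
}

# Stand-alone run: audit the live /proc mount when available, then the samples.
if [ -r /proc/mounts ]; then
    live=$(awk '$2 == "/proc" && $3 == "proc" { print; exit }' /proc/mounts)
    if [ -n "$live" ]; then
        printf 'live mount: '
        report "$live"
    fi
fi
report "$PROC_DEFAULT"
report "$PROC_HARDENED"
report "$PROC_MOUNT_CMD"
```

Run it as an ordinary user to see how the running system compares with the fstab line above; the gid= value is the group that keeps full visibility of /proc (the example fstab line uses wheel, which /proc/mounts reports as a numeric id).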
See the Wikipedia article for a description of each file's purpose.
Use cat to read information. For example, users can get the version of the currently running kernel with the following command:
Use echo to set values at runtime (where the file is writable). For example, users can enable the Magic SysRq keys with the following command:
echo 1 > /proc/sys/kernel/sysrq
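The helpers below are an added example, not code from the wiki page or from Gentoo. They show the two operations just described in reusable form: mapping a sysctl-style dotted name such as kernel.sysrq to its file under /proc/sys (the dot becomes a path separator, /proc/sys/kernel/sysrq), reading and writing that file with a writability check, and extracting the release string from a /proc/version line. The PROC_SYS override variable and the sample /proc/version line are assumptions introduced so the helpers can be exercised against a constructed directory.

```shell
#!/bin/sh
# Added example, not code from the Gentoo wiki page: helpers for reading and
# setting kernel parameters through /proc/sys and for parsing /proc/version.

# proc_sys_path NAME: map a sysctl-style dotted name ("kernel.sysrq") to its
# file under /proc/sys ("/proc/sys/kernel/sysrq"). PROC_SYS is an assumed
# override so the helpers can run against a constructed directory.
proc_sys_path() {
    printf '%s/%s\n' "${PROC_SYS:-/proc/sys}" "$(printf '%s' "$1" | tr '.' '/')"
}

# proc_sys_get NAME: print the current value of the parameter.
proc_sys_get() {
    cat "$(proc_sys_path "$1")"
}

# proc_sys_set NAME VALUE: write VALUE to the parameter, refusing when the
# file is missing or not writable (most of /proc/sys requires root).
proc_sys_set() {
    path=$(proc_sys_path "$1")
    if [ ! -w "$path" ]; then
        printf 'cannot write %s (missing or not writable)\n' "$path" >&2
        return 1
    fi
    printf '%s\n' "$2" > "$path"
}

# kernel_release LINE: extract the release string from a /proc/version line,
# which has the form "Linux version <release> (...) ...".
kernel_release() {
    printf '%s\n' "$1" | awk '$1 == "Linux" && $2 == "version" { print $3 }'
}

# Constructed /proc/version line (not captured from a real system).
SAMPLE_VERSION="Linux version 6.1.0-gentoo (root@buildhost) (gcc (Gentoo 12.2.1) 12.2.1) #1 SMP PREEMPT_DYNAMIC Mon Jan 1 00:00:00 UTC 2024"

# Stand-alone run: show the live values when they are readable, then the sample.
if [ -r /proc/version ]; then
    printf 'running kernel: %s\n' "$(kernel_release "$(cat /proc/version)")"
fi
if [ -r /proc/sys/kernel/sysrq ]; then
    printf 'kernel.sysrq = %s\n' "$(proc_sys_get kernel.sysrq)"
fi
printf 'sample release: %s\n' "$(kernel_release "$SAMPLE_VERSION")"
```

The dot-to-slash mapping is the same convention sysctl(8) uses, with one known caveat: a key whose own name contains a dot (for example a VLAN interface such as eth0.100 under net.ipv4.conf) is ambiguous in dotted form, which is why sysctl(8) also accepts "/" as the separator. Writing to /proc/sys normally requires root; the check in proc_sys_set reports that instead of failing silently.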
- sysfs — a virtual filesystem (virtual means it takes up no disk space).
- The proc filesystem (Security Handbook)