procfs (process filesystem) is a virtual filesystem (i.e. it takes up no disk space) that can be used to show and change system and process information. It is generated by the kernel and mounted at /proc.
sysfs is a similar, more recent, implementation that is more and more replacing elements of procfs.
Activate the following kernel options:
File systems ---> Pseudo filesystems ---> <*> /proc file system support
/proc is mounted by OpenRC's /lib/rc/sh/init.sh:
mount | grep proc
proc on /proc type proc (rw,nosuid,nodev,noexec,relatime)
The init service /etc/init.d/procfs goes in runlevel boot:
/sbin/rc-update | grep procfs
procfs | boot
Restricting access to PID directories
procfs provides the
hidepid mount option to restrict access to the /proc/<pid> directories by other users. This is a hardening technique that can make it more difficult for malicious local users to gather information about the processes of other users.
||The file located in /proc/<pid>/* will be world readable. This is the default behavior.|
||The /proc/<pid> directories are visible by all users, but users can only access the /proc/<pid> directories they own. This will protect files such as /proc/<pid>/cmdline, which may contain sensitive information.|
||Same as |
hidepid mount option can be configured to be used automatically when mounting /proc/, for example:
proc /proc proc nosuid,nodev,noexec,hidepid=2,gid=wheel 0 0
See the Wikipedia article for a description of each file's purpose.
Use cat to read information. For example, users can get the version of the currently running kernel with the following command:
Use echo to set values at runtime (if possible). For example, users can enable the Magic SysRq keys with the following command:
echo 1 > /proc/sys/kernel.sysrq
sysctl is a mechanism to modify certain kernel parameters at runtime. It is part of sys-process/procps and its files are located at /proc/sys/. These articles contain documentation of most files.
sysctl works with key-value pairs. The keys can be assembled from the file path by removing the /proc/sys prefix and replacing the forward slash with a dot. For example /proc/sys/kernel/sysrq becomes
It is certainly possible to modify files in /proc like performed above, however the sysctl tool can modify /proc information in a much more structured way:
To enable the magic SysRq keys:
To show all sysctl keys and their current values:
To configure kernel parameters at system boot, add them to a configuration file with a .conf suffix in the /etc/sysctl.d/ directory. The recommended location for local settings is /etc/sysctl.d/local.conf. The legacy file /etc/sysctl.conf is also supported. To enable the magic SysRq key at boot:
See the man pages for sysctl and sysctl.conf.
The sysctl service reads the files at boot and executes settings. The service is enabled by default.
Besides the /etc/sysctl.d/ directory systemd also knows the /usr/lib/sysctl.d/ directory. This second directory is for package-provided configuration files.
The systemd-sysctl service is enabled by default.
- sysfs — a virtual filesystem (virtual means it takes up no disk space).
- The proc filesystem (Security Handbook)
- ↑ Bug 406263 – Remove the two lines concerning proc and shm since they don't reflect the /etc/fstab file that is default in current state3 installation, Gentoo's Bugzilla Main Page, (Last modified) April 29th, 2012. Retrieved on October 23rd, 2015.
- ↑ Vasiliy Kulikov. procfs: add hidepid= and gid= mount options, Linux kernel source tree, January 10th, 2012. Retrieved on July 31st, 2015.