summaryrefslogtreecommitdiffstats
path: root/man/man5/proc.5
diff options
context:
space:
mode:
Diffstat (limited to 'man/man5/proc.5')
-rw-r--r--man/man5/proc.5266
1 files changed, 266 insertions, 0 deletions
diff --git a/man/man5/proc.5 b/man/man5/proc.5
new file mode 100644
index 0000000..bbdf162
--- /dev/null
+++ b/man/man5/proc.5
@@ -0,0 +1,266 @@
+.\" Copyright (C) 1994, 1995, Daniel Quinlan <quinlan@yggdrasil.com>
+.\" Copyright (C) 2002-2008, 2017, Michael Kerrisk <mtk.manpages@gmail.com>
+.\" Copyright (C) 2023, Alejandro Colomar <alx@kernel.org>
+.\"
+.\" SPDX-License-Identifier: GPL-3.0-or-later
+.\"
+.TH proc 5 2024-05-19 "Linux man-pages (unreleased)"
+.SH NAME
+proc \- process information, system information, and sysctl pseudo-filesystem
+.SH DESCRIPTION
+The
+.B proc
+filesystem is a pseudo-filesystem which provides an interface to
+kernel data structures.
+It is commonly mounted at
+.IR /proc .
+Typically, it is mounted automatically by the system,
+but it can also be mounted manually using a command such as:
+.P
+.in +4n
+.EX
+mount \-t proc proc /proc
+.EE
+.in
+.P
+Most of the files in the
+.B proc
+filesystem are read-only,
+but some files are writable, allowing kernel variables to be changed.
+.\"
+.SS Mount options
+The
+.B proc
+filesystem supports the following mount options:
+.TP
+.BR hidepid "=\fIn\fP (since Linux 3.3)"
+.\" commit 0499680a42141d86417a8fbaa8c8db806bea1201
+This option controls who can access the information in
+.IR /proc/ pid
+directories.
+The argument,
+.IR n ,
+is one of the following values:
+.RS
+.TP 4
+0
+Everybody may access all
+.IR /proc/ pid
+directories.
+This is the traditional behavior,
+and the default if this mount option is not specified.
+.TP
+1
+Users may not access files and subdirectories inside any
+.IR /proc/ pid
+directories but their own (the
+.IR /proc/ pid
+directories themselves remain visible).
+Sensitive files such as
+.IR /proc/ pid /cmdline
+and
+.IR /proc/ pid /status
+are now protected against other users.
+This makes it impossible to learn whether any user is running a
+specific program
+(so long as the program doesn't otherwise reveal itself by its behavior).
+.\" As an additional bonus, since
+.\" .IR /proc/[pid]/cmdline
+.\" is inaccessible for other users,
+.\" poorly written programs passing sensitive information via
+.\" program arguments are now protected against local eavesdroppers.
+.TP
+2
+As for mode 1, but in addition the
+.IR /proc/ pid
+directories belonging to other users become invisible.
+This means that
+.IR /proc/ pid
+entries can no longer be used to discover the PIDs on the system.
+This doesn't hide the fact that a process with a specific PID value exists
+(it can be learned by other means, for example, by "kill \-0 $PID"),
+but it hides a process's UID and GID,
+which could otherwise be learned by employing
+.BR stat (2)
+on a
+.IR /proc/ pid
+directory.
+This greatly complicates an attacker's task of gathering
+information about running processes (e.g., discovering whether
+some daemon is running with elevated privileges,
+whether another user is running some sensitive program,
+whether other users are running any program at all, and so on).
+.TP
+.BR gid "=\fIgid\fP (since Linux 3.3)"
+.\" commit 0499680a42141d86417a8fbaa8c8db806bea1201
+Specifies the ID of a group whose members are authorized to
+learn process information otherwise prohibited by
+.B hidepid
+(i.e., users in this group behave as though
+.I /proc
+was mounted with
+.IR hidepid=0 ).
+This group should be used instead of approaches such as putting
+nonroot users into the
+.BR sudoers (5)
+file.
+.RE
+.TP
+.BR subset = pid " (since Linux 5.8)"
+.\" commit 6814ef2d992af09451bbeda4770daa204461329e
+Show only the specified subset of procfs,
+hiding all top level files and directories in the procfs
+that are not related to tasks.
+.SS Overview
+Underneath
+.IR /proc ,
+there are the following general groups of files and subdirectories:
+.TP
+.IR /proc/ "pid subdirectories"
+Each one of these subdirectories contains files and subdirectories
+exposing information about the process with the corresponding process ID.
+.IP
+Underneath each of the
+.IR /proc/ pid
+directories, a
+.I task
+subdirectory contains subdirectories of the form
+.IR task/ tid,
+which contain corresponding information about each of the threads
+in the process, where
+.I tid
+is the kernel thread ID of the thread.
+.IP
+The
+.IR /proc/ pid
+subdirectories are visible when iterating through
+.I /proc
+with
+.BR getdents (2)
+(and thus are visible when one uses
+.BR ls (1)
+to view the contents of
+.IR /proc ).
+.TP
+.IR /proc/ "tid subdirectories"
+Each one of these subdirectories contains files and subdirectories
+exposing information about the thread with the corresponding thread ID.
+The contents of these directories are the same as the corresponding
+.IR /proc/ pid /task/ tid
+directories.
+.IP
+The
+.IR /proc/ tid
+subdirectories are
+.I not
+visible when iterating through
+.I /proc
+with
+.BR getdents (2)
+(and thus are
+.I not
+visible when one uses
+.BR ls (1)
+to view the contents of
+.IR /proc ).
+.TP
+.I /proc/self
+When a process accesses this magic symbolic link,
+it resolves to the process's own
+.IR /proc/ pid
+directory.
+.TP
+.I /proc/thread\-self
+When a thread accesses this magic symbolic link,
+it resolves to the process's own
+.IR /proc/self/task/ tid
+directory.
+.TP
+.I /proc/[a\-z]*
+Various other files and subdirectories under
+.I /proc
+expose system-wide information.
+.P
+All of the above are described in more detail in separate manpages
+whose names start with
+.BR proc_ .
+.\"
+.\" .SH FILES
+.\" FIXME Describe /proc/[pid]/sessionid
+.\" commit 1e0bd7550ea9cf474b1ad4c6ff5729a507f75fdc
+.\" CONFIG_AUDITSYSCALL
+.\" Added in Linux 2.6.25; read-only; only readable by real UID
+.\"
+.\" FIXME Describe /proc/[pid]/sched
+.\" Added in Linux 2.6.23
+.\" CONFIG_SCHED_DEBUG, and additional fields if CONFIG_SCHEDSTATS
+.\" Displays various scheduling parameters
+.\" This file can be written, to reset stats
+.\" The set of fields exposed by this file have changed
+.\" significantly over time.
+.\" commit 43ae34cb4cd650d1eb4460a8253a8e747ba052ac
+.\"
+.\" FIXME Describe /proc/[pid]/schedstats and
+.\" /proc/[pid]/task/[tid]/schedstats
+.\" Added in Linux 2.6.9
+.\" CONFIG_SCHEDSTATS
+.\" FIXME Document /proc/sched_debug (since Linux 2.6.23)
+.\" See also /proc/[pid]/sched
+.\" FIXME 2.6.13 seems to have /proc/vmcore implemented; document this
+.\" See Documentation/kdump/kdump.txt
+.\" commit 666bfddbe8b8fd4fd44617d6c55193d5ac7edb29
+.\" Needs CONFIG_VMCORE
+.\"
+.SH NOTES
+Many files contain strings (e.g., the environment and command line)
+that are in the internal format,
+with subfields terminated by null bytes (\[aq]\e0\[aq]).
+When inspecting such files, you may find that the results are more readable
+if you use a command of the following form to display them:
+.P
+.in +4n
+.EX
+.RB "$" " cat \fIfile\fP | tr \[aq]\e000\[aq] \[aq]\en\[aq]"
+.EE
+.in
+.\" .SH ACKNOWLEDGEMENTS
+.\" The material on /proc/sys/fs and /proc/sys/kernel is closely based on
+.\" kernel source documentation files written by Rik van Riel.
+.SH SEE ALSO
+.BR cat (1),
+.BR dmesg (1),
+.BR find (1),
+.BR free (1),
+.BR htop (1),
+.BR init (1),
+.BR ps (1),
+.BR pstree (1),
+.BR tr (1),
+.BR uptime (1),
+.BR chroot (2),
+.BR mmap (2),
+.BR readlink (2),
+.BR syslog (2),
+.BR slabinfo (5),
+.BR sysfs (5),
+.BR hier (7),
+.BR namespaces (7),
+.BR time (7),
+.BR arp (8),
+.BR hdparm (8),
+.BR ifconfig (8),
+.BR lsmod (8),
+.BR lspci (8),
+.BR mount (8),
+.BR netstat (8),
+.BR procinfo (8),
+.BR route (8),
+.BR sysctl (8)
+.P
+The Linux kernel source files:
+.IR Documentation/filesystems/proc.rst ,
+.IR Documentation/admin\-guide/sysctl/fs.rst ,
+.IR Documentation/admin\-guide/sysctl/kernel.rst ,
+.IR Documentation/admin\-guide/sysctl/net.rst ,
+and
+.IR Documentation/admin\-guide/sysctl/vm.rst .