[linuxkernelnewbies] Linux 咨询／顾 问／支持 - Discover the possibilities of the /proc directory

[Peter Teoh]

http://linux-security.cn/index.php?option=com_content&task=view&id=2244&Itemid=42 The /proc directory is a strange beast. It doesn't really exist, yet you can explore it. Its zero-length files are neither binary nor text, yet you can examine and display them. This special directory holds all the details about your Linux system, including its kernel, processes, and configuration parameters. By studying the /proc directory, you can learn how Linux commands work, and you can even do some administrative tasks. Under Linux, everything is managed as a file; even devices are accessed as files (in the /dev directory). Although you might think that "normal" files are either text or binary (or possibly device or pipe files), the /proc directory contains a stranger type: virtual files. These files are listed, but don't actually exist on disk; the operating system creates them on the fly if you try to read them. Most virtual files always have a current timestamp, which indicates that they are constantly being kept up to date. The /proc directory itself is created every time you boot your box. You need to work as root to be able to examine the whole directory; some of the files (such as the process-related ones) are owned by the user who launched it. Although almost all the files are read-only, a few writable ones (notably in /proc/sys) allow you to change kernel parameters. (Of course, you must be careful if you do this.) /proc directory organization The /proc directory is organized in virtual directories and subdirectories, and it groups files by similar topic. Working as root, the ls /proc command brings up something like this: 1 2432 3340 3715 3762 5441 815 devices modules 129 2474 3358 3716 3764 5445 acpi diskstats mounts 1290 248 3413 3717 3812 5459 asound dma mtrr 133 2486 3435 3718 3813 5479 bus execdomains partitions 1420 2489 3439 3728 3814 557 dri fb self 165 276 3450 3731 39 5842 driver filesystems slabinfo 166 280 36 3733 3973 5854 fs interrupts splash 2 2812 3602 3734 4 6 ide iomem stat 2267 3 3603 3735 40 6381 irq ioports swaps 2268 326 3614 3737 4083 6558 net kallsyms sysrq-trigger 2282 327 3696 3739 4868 6561 scsi kcore timer_list 2285 3284 3697 3742 4873 6961 sys keys timer_stats 2295 329 3700 3744 4878 7206 sysvipc key-users uptime 2335 3295 3701 3745 5 7207 tty kmsg version 2400 330 3706 3747 5109 7222 buddyinfo loadavg vmcore 2401 3318 3709 3749 5112 7225 cmdline locks vmstat 2427 3329 3710 3751 541 7244 config.gz meminfo zoneinfo 2428 3336 3714 3753 5440 752 cpuinfo misc /proc resources Finding documentation about the /proc filesystem can be a chore, because it's distributed all around the kernel source. Looking in the /usr/scr/linux/Documentation directory, I found proc.txt, which contains plenty of information but is somewhat dated: its latest update was in November 2000, when kernel version 2.4.0 was just about to come out. Still, wading through this directory is easier than looking at the C source files. Note that you might end up getting more than you wanted; for example, the laptop-mode.txt file is almost 1,000 lines long and deals exclusively with the single /proc/sys/vm/laptop_mode file. The numbered directories (more on them later) correspond to each running process; a special self symlink points to the current process. Some virtual files provide hardware information, such as /proc/cpuinfo, /proc/meminfo, and /proc/interrupts. Others give file-related info, such as /proc/filesystems or /proc/partitions. The files under /proc/sys are related to kernel configuration parameters, as we'll see. The cat /proc/meminfo command might bring up something like this: # cat /proc/meminfo MemTotal: 483488 kB MemFree: 9348 kB Buffers: 6796 kB Cached: 168292 kB ...several lines snipped... If you try the top or free commands, you might recognize some of these numbers. In fact, several well-known utilities access the /proc directory to get their information. For example, if you want to know what kernel you're running, you might try uname -srv, or go to the source and type cat /proc/version. Some other interesting files include: /proc/apm: Provides information on Advanced Power Management, if it's installed. /proc/acpi: A similar directory that offers plenty of data on the more modern Advanced Configuration and Power Interface. For example, to see if your laptop is connected to the AC power, you can use cat /proc/acpi/ac_adapter/AC/state to get either "on line" or "off line." /proc/cmdline: Shows the parameters that were passed to the kernel at boot time. In my case, it contains root=/dev/disk/by-id/scsi-SATA_FUJITSU_MHS2040_NLA5T3314DW3-part3 vga=0x317 resume=/dev/sda2 splash=silent PROFILE="" which tells me which partition is the root of the filesystem, which VGA mode to use, and more. The last parameter has to do with openSUSE's System Configuration Profile Management. /proc/cpuinfo: Provides data on the processor of your box. For example, in my laptop, cat /proc/cpuinfo gets me a listing that starts with: processor : 0 vendor_id : AuthenticAMD cpu family : 6 model : 8 model name : Mobile AMD Athlon(tm) XP 2200+ stepping : 1 cpu MHz : 927.549 cache size : 256 KB This shows that I have only one processor, numbered 0, of the 80686 family (the 6 in cpu family goes as the middle digit): an AMD Athlon XP, running at less than 1GHz. /proc/loadavg: A related file that shows the average load on the processor; its information includes CPU usage in the last minute, last five minutes, and last 10 minutes, as well as the number of currently running processes. /proc/stat: Also gives statistics, but goes back to the last boot. /proc/uptime: A short file that has only two numbers: how many seconds your box has been up, and how many seconds it has been idle. /proc/devices: Displays all currently configured and loaded character and block devices. /proc/ide and /proc/scsi provide data on IDE and SCSI devices. /proc/ioports: Shows you information about the regions used for I/O communication with those devices. /proc/dma: Shows the Direct Memory Access channels in use. /proc/filesystems: Shows which filesystem types are supported by your kernel. A portion of this file might look like this: nodev sysfs nodev rootfs nodev bdev nodev proc nodev cpuset ...some lines snipped... nodev ramfs nodev hugetlbfs nodev mqueue ext3 nodev usbfs ext2 nodev autofs The first column shows whether the filesystem is mounted on a block device. In my case, I have partitions configured with ext2 and ext3 mounted. /proc/mounts: Shows all the mounts used by your machine (its output looks much like /etc/mtab). Similarly, /proc/partitions and /proc/swaps show all partitions and swap space. /proc/fs: If you're exporting filesystems with NFS, this directory has among its many subdirectories and files /proc/fs/nfsd/exports, which shows the file system that are being shared and their permissions. /proc/net: You can't beat this for network information. Describing each file in this directory would require too much space, but it includes /dev (each network device), several iptables (firewall) related files, net and socket statistics, wireless information, and more. There are also several RAM-related files. I've already mentioned /proc/meminfo, but you've also got /proc/iomem, which shows you how RAM memory is used in your box, and /proc/kcore, which represents the physical RAM of your box. Unlike most other virtual files, /proc/kcore shows a size that's equal to your RAM plus a small overhead. (Don't try to cat this file, because its contents are binary and will mess up your screen.) Finally, there are many hardware-related files and directories, such as /proc/interrupts and /proc/irq, /proc/pci (all PCI devices), /proc/bus, and so on, but they include very specific information, which most users won't need. What's in a process? As I said, the numerical named directories represent all running processes. When a process ends, its /proc directory disappears automatically. If you check any of these directories while they exist, you will find plenty of files, such as: attr cpuset fdinfo mountstats stat auxv cwd loginuid oom_adj statm clear_refs environ maps oom_score status cmdline exe mem root task coredump_filter fd mounts smaps wchan Let's take a look at the principal files: cmdline: Contains the command that started the process, with all its parameters. cwd: A symlink to the current working directory (CWD) for the process; exe links to the process executable, and root links to its root directory. environ: Shows all environment variables for the process. fd: Contains all file descriptors for a process, showing which files or devices it is using. maps, statm, and mem: Deal with the memory in use by the process. stat and status: Provide information about the status of the process, but the latter is far clearer than the former. These files provide several script programming challenges. For example, if you want to hunt for zombie processes, you could scan all numbered directories and check whether "(Z) Zombie" appears in the /status file. I once needed to check whether a certain program was running; I did a scan and looked at the /cmdline files instead, searching for the desired string. (You can also do this by working with the output of the ps command, but that's not the point here.) And if you want to program a better-looking top, all the needed information is right at your fingertips. Tweaking the system: /proc/sys /proc/sys not only provides information about the system, it also allows you to change kernel parameters on the fly, and enable or disable features. (Of course, this could prove harmful to your system -- consider yourself warned!) To determine whether you can configure a file or if it's just read-only, use ls -ld; if a file has the "W" attribute, it means you may use it to configure the kernel somehow. For example, ls -ld /proc/kernel/* starts like this: dr-xr-xr-x 0 root root 0 2008-01-26 00:49 pty dr-xr-xr-x 0 root root 0 2008-01-26 00:49 random -rw-r--r-- 1 root root 0 2008-01-26 00:49 acct -rw-r--r-- 1 root root 0 2008-01-26 00:49 acpi_video_flags -rw-r--r-- 1 root root 0 2008-01-26 00:49 audit_argv_kb -r--r--r-- 1 root root 0 2008-01-26 00:49 bootloader_type -rw------- 1 root root 0 2008-01-26 00:49 cad_pid -rw------- 1 root root 0 2008-01-26 00:49 cap-bound You can see that bootloader_type isn't meant to be changed, but other files are. To change a file, use something like echo 10 >/proc/sys/vm/swappiness. This particular example would allow you to tune the virtual memory paging performance. By the way, these changes are only temporary, and their effects will disappear when you reboot your system; use sysctl and the /etc/sysctl.conf file to effect more permanent changes. Let's take a high-level look at the /proc/sys directories: debug: Has (surprise!) debugging information. This is good if you're into kernel development. dev: Provides parameters for specific devices on your system; for example, check the /dev/cdrom directory. fs: Offers data on every possible aspect of the filesystem. kernel: Lets you affect the kernel configuration and operation directly. net: Lets you control network-related matters. Be careful, because messing with this can make you lose connectivity! vm: Deals with the VM subsystem. Conclusion The /proc special directory provides full detailed information about the inner workings of Linux and lets you fine-tune many aspects of its configuration. If you spend some time learning all the possibilities of this directory, you'll be able to get a more perfect Linux box. And isn't that something we all want?